@AB-xdev
Created September 1, 2021 07:55
opt/jboss/wildfly/bin/client/jboss-client.jar
=============================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
|          LIBRARY          | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| io.undertow:undertow-core | CVE-2018-1048    | HIGH     | 2.2.8.Final       |               | undertow: ALLOW_ENCODED_SLASH        |
|                           |                  |          |                   |               | option not taken into account        |
|                           |                  |          |                   |               | in the AjpRequestParser              |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1048 |
+                           +------------------+----------+                   +---------------+--------------------------------------+
|                           | CVE-2018-1067    | MEDIUM   |                   | 7.1.2         | undertow: HTTP header                |
|                           |                  |          |                   |               | injection using CRLF with UTF-8      |
|                           |                  |          |                   |               | Encoding (incomplete fix of...       |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1067 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-2.2.8.Final.jar
================================================================================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
|          LIBRARY          | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| io.undertow:undertow-core | CVE-2018-1048    | HIGH     | 2.2.8.Final       |               | undertow: ALLOW_ENCODED_SLASH        |
|                           |                  |          |                   |               | option not taken into account        |
|                           |                  |          |                   |               | in the AjpRequestParser              |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1048 |
+                           +------------------+----------+                   +---------------+--------------------------------------+
|                           | CVE-2018-1067    | MEDIUM   |                   | 7.1.2         | undertow: HTTP header                |
|                           |                  |          |                   |               | injection using CRLF with UTF-8      |
|                           |                  |          |                   |               | Encoding (incomplete fix of...       |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1067 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-server-2.16.0.jar
=======================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+------------------------------------+------------------+----------+-------------------+-----------------+---------------------------------------+
|              LIBRARY               | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION  |                 TITLE                 |
+------------------------------------+------------------+----------+-------------------+-----------------+---------------------------------------+
| org.apache.activemq:artemis-server | CVE-2020-13947   | MEDIUM   | 2.16.0            | 5.15.14, 5.16.1 | Cross-site Scripting                  |
|                                    |                  |          |                   |                 | -->avd.aquasec.com/nvd/cve-2020-13947 |
+------------------------------------+------------------+----------+-------------------+-----------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/io/main/commons-io-2.5.jar
==========================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-----------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|        LIBRARY        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| commons-io:commons-io | CVE-2021-29425   | MEDIUM   | 2.5               | 2.7           | apache-commons-io: Limited            |
|                       |                  |          |                   |               | path traversal in Apache              |
|                       |                  |          |                   |               | Commons IO 2.2 to 2.6                 |
|                       |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-29425 |
+-----------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/sshd/main/sshd-core-2.6.0.jar
=====================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+---------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|          LIBRARY          | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+---------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.apache.sshd:sshd-core | CVE-2021-30129   | MEDIUM   | 2.6.0             | 2.7.0         | mina-sshd-core: Memory leak denial    |
|                           |                  |          |                   |               | of service in Apache Mina SSHD Server |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-30129 |
+---------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/thrift/main/libthrift-0.13.0.jar
========================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+-----------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|           LIBRARY           | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.apache.thrift:libthrift | CVE-2020-13949   | HIGH     | 0.13.0            | 0.14.0        | libthrift: potential DoS when         |
|                             |                  |          |                   |               | processing untrusted payloads         |
|                             |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-13949 |
+-----------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-client-microprofile/main/resteasy-client-microprofile-3.15.1.Final.jar
===============================================================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-------------------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|                     LIBRARY                     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-------------------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jboss.resteasy:resteasy-client-microprofile | CVE-2020-25633   | MEDIUM   | 3.15.1.Final      | 4.5.7.Final   | resteasy-client: potential            |
|                                                 |                  |          |                   |               | sensitive information leakage         |
|                                                 |                  |          |                   |               | in JAX-RS RESTEasy Client's           |
|                                                 |                  |          |                   |               | WebApplicationException handling      |
|                                                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-25633 |
+-------------------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.15.1.Final.jar
====================================================================================================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)
+------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|              LIBRARY               | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jboss.resteasy:resteasy-client | CVE-2020-25633   | MEDIUM   | 3.15.1.Final      | 4.5.7.Final   | resteasy-client: potential            |
|                                    |                  |          |                   |               | sensitive information leakage         |
|                                    |                  |          |                   |               | in JAX-RS RESTEasy Client's           |
|                                    |                  |          |                   |               | WebApplicationException handling      |
|                                    |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-25633 |
+                                    +------------------+          +                   +---------------+---------------------------------------+
|                                    | CVE-2021-20289   |          |                   | 4.6.1.Alpha1  | resteasy: Error message exposes       |
|                                    |                  |          |                   |               | endpoint class information            |
|                                    |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-20289 |
+------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.15.1.Final.jar
===================================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-----------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|              LIBRARY              | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jboss.resteasy:resteasy-jaxrs | CVE-2021-20289   | MEDIUM   | 3.15.1.Final      |               | resteasy: Error message exposes       |
|                                   |                  |          |                   |               | endpoint class information            |
|                                   |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-20289 |
+-----------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.3.jar
===========================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
|     LIBRARY     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jsoup:jsoup | CVE-2021-37714   | HIGH     | 1.8.3             | 1.14.2        | jsoup: Crafted input may cause the    |
|                 |                  |          |                   |               | jsoup HTML and XML parser to...       |
|                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-37714 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/picketlink/common/main/picketlink-common-2.5.5.SP12-redhat-00009.jar
=====================================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+----------------------------------+------------------+----------+-------------------------+---------------+--------------------------------------+
|             LIBRARY              | VULNERABILITY ID | SEVERITY |    INSTALLED VERSION    | FIXED VERSION |                TITLE                 |
+----------------------------------+------------------+----------+-------------------------+---------------+--------------------------------------+
| org.picketlink:picketlink-common | CVE-2014-3530    | HIGH     | 2.5.5.SP12-redhat-00009 | 2.6.1.Final   | PicketLink: XXE via insecure         |
|                                  |                  |          |                         |               | DocumentBuilderFactory usage         |
|                                  |                  |          |                         |               | -->avd.aquasec.com/nvd/cve-2014-3530 |
+----------------------------------+------------------+----------+-------------------------+---------------+--------------------------------------+
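Two things in the report above need a reviewer's attention before it is acted on: the same CVE is reported under several jars (undertow-core appears both in jboss-client.jar and in its own module jar, so one upgrade touches several artefacts), and some entries carry a fixed version that is not on the installed release line (5.15.14 / 5.16.1 against artemis-server 2.16.0, 7.1.2 against undertow-core 2.2.8.Final, 4.5.7.Final against resteasy-client 3.15.1.Final), which means the match has to be checked against the vendor advisory rather than taken at face value. The script below is an added example, not part of this gist and not Trivy's own tooling: it parses Trivy's table output into one record per jar and CVE, dedupes across jars and flags the two cases above plus entries with no fixed version at all. SAMPLE is a constructed excerpt of the scan above (padding collapsed, borders shortened); the flag names are this example's own.

```python
"""Triage helper for Trivy's table report (the format of the scan above).
Added example, not part of the gist and not Trivy's own tooling. SAMPLE is a
constructed excerpt of the scan above: padding collapsed, borders shortened."""
import re
from dataclasses import dataclass

SAMPLE = """\
opt/jboss/wildfly/bin/client/jboss-client.jar
=============================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
+---+---+---+---+---+---+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---+---+---+---+---+---+
| io.undertow:undertow-core | CVE-2018-1048 | HIGH | 2.2.8.Final | | undertow: ALLOW_ENCODED_SLASH |
| | | | | | option not taken into account |
| | | | | | in the AjpRequestParser |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1048 |
+ +---+---+ +---+---+
| | CVE-2018-1067 | MEDIUM | | 7.1.2 | undertow: HTTP header |
| | | | | | injection using CRLF with UTF-8 |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1067 |
+---+---+---+---+---+---+
opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-2.2.8.Final.jar
| io.undertow:undertow-core | CVE-2018-1048 | HIGH | 2.2.8.Final | | undertow: ALLOW_ENCODED_SLASH |
| | CVE-2018-1067 | MEDIUM | | 7.1.2 | undertow: HTTP header |
opt/jboss/wildfly/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-server-2.16.0.jar
| org.apache.activemq:artemis-server | CVE-2020-13947 | MEDIUM | 2.16.0 | 5.15.14, 5.16.1 | Cross-site Scripting |
opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.3.jar
| org.jsoup:jsoup | CVE-2021-37714 | HIGH | 1.8.3 | 1.14.2 | jsoup: Crafted input may cause the |
"""


@dataclass
class Finding:
    path: str          # jar the finding was reported under
    library: str
    cve: str
    severity: str
    installed: str
    fixed: str         # raw FIXED VERSION cell: empty or comma separated
    title: str
    url: str = ""


def parse_trivy_table(text):
    """One Finding per (jar path, CVE); tolerates merged cells and wrapped titles."""
    findings, path, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "+=" or line.startswith("Total:"):
            continue                              # borders, underline, per-target summary
        if not line.startswith("|"):
            path, current = line, None            # any other line names the next target
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 6 or cells[0] == "LIBRARY":
            continue                              # column header or a row we do not understand
        lib, cve, sev, inst, fixed, title = cells
        if cve:                                   # first line of a finding; blank cells are
            prev = current                        # merged with the previous row of this target
            current = Finding(path, lib or (prev.library if prev else ""), cve,
                              sev or (prev.severity if prev else ""),
                              inst or (prev.installed if prev else ""), fixed, title)
            findings.append(current)
        elif current is not None:                 # continuation of the TITLE cell
            if title.startswith("-->"):
                current.url = title[3:]
            else:
                current.title = f"{current.title} {title}".strip()
    return findings


def release_line(version):
    """Leading numeric component: '2.2.8.Final' -> 2, '5.15.14' -> 5, '' -> None."""
    m = re.match(r"\D*(\d+)", version)
    return int(m.group(1)) if m else None


def triage(findings):
    """Dedupe by CVE and attach the flags a reviewer has to resolve by hand."""
    by_cve = {}
    for f in findings:
        by_cve.setdefault(f.cve, []).append(f)
    rows = []
    for cve, group in by_cve.items():
        f = group[0]
        fixed = [v.strip() for v in f.fixed.split(",") if v.strip()]
        flags = []
        if not fixed:
            flags.append("no-fixed-version")      # scanner knows no fix: consult the vendor advisory
        elif all(release_line(v) != release_line(f.installed) for v in fixed):
            flags.append("fix-on-other-release-line")  # e.g. 5.15.14 vs 2.16.0: verify the match
        if len(group) > 1:
            flags.append(f"shipped-in-{len(group)}-jars")  # one upgrade, several artefacts
        rows.append({"cve": cve, "library": f.library, "severity": f.severity,
                     "installed": f.installed, "fixed": fixed,
                     "paths": [g.path for g in group], "flags": flags})
    rank = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
    rows.sort(key=lambda r: (rank.get(r["severity"], 4), r["cve"]))
    return rows


if __name__ == "__main__":
    for r in triage(parse_trivy_table(SAMPLE)):
        print(f'{r["severity"]:<8} {r["cve"]:<15} {r["library"]:<35} '
              f'{r["installed"]} -> {", ".join(r["fixed"]) or "?"}  {" ".join(r["flags"])}')
```

Feed it the saved `trivy image` table output instead of SAMPLE to triage a whole image; the release-line check is a heuristic, so a flagged entry is a prompt to read the advisory, not a verdict either way.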