eap7-jboss-security-negotiation vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the eap7-jboss-security-negotiation package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Improperly Implemented Security Check for Standard	<0:3.0.5-2.Final_redhat_00001.1.el7eap
H Race Condition	<0:3.0.5-2.Final_redhat_00001.1.el7eap
H Allocation of Resources Without Limits or Throttling	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Improper Input Validation	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Improper Access Control	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Incorrect Authorization	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Privilege Context Switching Error	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Resource Exhaustion	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Cross-site Scripting (XSS)	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Insufficiently Protected Credentials	<0:3.0.6-1.Final_redhat_00001.1.el7eap
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:3.0.4-1.Final_redhat_1.1.ep7.el7
M HTTP Request Smuggling	<0:3.0.4-1.Final_redhat_1.1.ep7.el7
H Access Restriction Bypass	<0:3.0.3-1.Final_redhat_1.1.ep7.el7
H Improper Authorization	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H XML External Entity (XXE) Injection	<0:3.0.6-1.Final_redhat_00001.1.el7eap
H Information Exposure	<0:3.0.5-2.Final_redhat_00001.1.el7eap
M Cross-site Scripting (XSS)	<0:3.0.5-1.Final_redhat_00001.1.ep7.el7
M Directory Traversal	<0:3.0.4-1.Final_redhat_1.1.ep7.el7
M Information Exposure	<0:3.0.4-2.Final_redhat_1.1.el7eap
H HTTP Request Smuggling	<0:3.0.6-1.Final_redhat_00001.1.el7eap
M Improper Input Validation	<0:3.0.4-1.Final_redhat_1.1.ep7.el7
H HTTP Response Splitting	<0:3.0.3-1.Final_redhat_1.1.ep7.el7
H Cross-site Request Forgery (CSRF)	<0:3.0.5-2.Final_redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:3.0.5-2.Final_redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:3.0.5-2.Final_redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:3.0.5-2.Final_redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:3.0.5-2.Final_redhat_00001.1.el7eap
H CVE-2015-0254	<0:3.0.3-1.Final_redhat_1.1.ep7.el7
M Arbitrary Argument Injection	<0:3.0.5-1.Final_redhat_00001.1.ep7.el7

Vulnerability

Vulnerable Version

Improperly Implemented Security Check for Standard

<0:3.0.5-2.Final_redhat_00001.1.el7eap

Race Condition

<0:3.0.5-2.Final_redhat_00001.1.el7eap

Allocation of Resources Without Limits or Throttling

<0:3.0.6-1.Final_redhat_00001.1.el7eap

Improper Input Validation

<0:3.0.6-1.Final_redhat_00001.1.el7eap

Improper Access Control

<0:3.0.6-1.Final_redhat_00001.1.el7eap