eap7-jboss-security-negotiation vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the eap7-jboss-security-negotiation package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Improperly Implemented Security Check for Standard

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • H
Race Condition

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • H
Allocation of Resources Without Limits or Throttling

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Improper Input Validation

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Improper Access Control

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Incorrect Authorization

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Privilege Context Switching Error

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Resource Exhaustion

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Cross-site Scripting (XSS)

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Insufficiently Protected Credentials

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:3.0.4-1.Final_redhat_1.1.ep7.el7
  • M
HTTP Request Smuggling

<0:3.0.4-1.Final_redhat_1.1.ep7.el7
  • H
Access Restriction Bypass

<0:3.0.3-1.Final_redhat_1.1.ep7.el7
  • H
Improper Authorization

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
XML External Entity (XXE) Injection

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • H
Information Exposure

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • M
Cross-site Scripting (XSS)

<0:3.0.5-1.Final_redhat_00001.1.ep7.el7
  • M
Directory Traversal

<0:3.0.4-1.Final_redhat_1.1.ep7.el7
  • M
Information Exposure

<0:3.0.4-2.Final_redhat_1.1.el7eap
  • H
HTTP Request Smuggling

<0:3.0.6-1.Final_redhat_00001.1.el7eap
  • M
Improper Input Validation

<0:3.0.4-1.Final_redhat_1.1.ep7.el7
  • H
HTTP Response Splitting

<0:3.0.3-1.Final_redhat_1.1.ep7.el7
  • H
Cross-site Request Forgery (CSRF)

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • H
Deserialization of Untrusted Data

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • H
Deserialization of Untrusted Data

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • H
Deserialization of Untrusted Data

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • H
Deserialization of Untrusted Data

<0:3.0.5-2.Final_redhat_00001.1.el7eap
  • H
CVE-2015-0254

<0:3.0.3-1.Final_redhat_1.1.ep7.el7
  • M
Arbitrary Argument Injection

<0:3.0.5-1.Final_redhat_00001.1.ep7.el7