Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-1973 (GCVE-0-2023-1973)
Vulnerability from cvelistv5
Published
2024-11-07 10:01
Modified
2024-11-07 14:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:06:28.900126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:06:43.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"defaultStatus": "unaffected",
"packageName": "undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
],
"defaultStatus": "unaffected",
"packageName": "undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
}
],
"datePublic": "2024-04-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T10:01:57.995Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:1674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"name": "RHSA-2024:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"name": "RHSA-2024:1676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"name": "RHSA-2024:1677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"name": "RHSA-2024:2763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"name": "RHSA-2024:2764",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"name": "RHBZ#2185662",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Undertow: unrestricted request storage leads to memory exhaustion",
"x_redhatCweChain": "CWE-20: Improper Input Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1973",
"datePublished": "2024-11-07T10:01:57.995Z",
"dateReserved": "2023-04-10T23:29:16.249Z",
"dateUpdated": "2024-11-07T14:06:43.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-1973\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-11-07T10:15:05.400\",\"lastModified\":\"2024-11-08T19:01:03.880\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en el paquete Undertow. Mediante el uso de FormAuthenticationMechanism, un usuario malintencionado podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes manipuladas, lo que provocar\u00eda un error de falta de memoria en el servidor y agotar\u00eda su memoria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1674\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1675\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1676\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1677\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2763\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2764\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-1973\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2185662\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1973\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T14:06:28.900126Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T14:06:39.564Z\"}}], \"cna\": {\"title\": \"Undertow: unrestricted request storage leads to memory exhaustion\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el8eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el9eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9\", \"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.3.11-1.SP1_redhat_00001.1.el8eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap8-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9\", \"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.3.11-1.SP1_redhat_00001.1.el9eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap8-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-02-20T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-04-04T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-04-04T00:00:00+00:00\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:1674\", \"name\": \"RHSA-2024:1674\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1675\", \"name\": \"RHSA-2024:1675\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1676\", \"name\": \"RHSA-2024:1676\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1677\", \"name\": \"RHSA-2024:1677\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2763\", \"name\": \"RHSA-2024:2763\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2764\", \"name\": \"RHSA-2024:2764\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-1973\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2185662\", \"name\": \"RHBZ#2185662\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2024-11-07T10:01:57.995Z\"}, \"x_redhatCweChain\": \"CWE-20: Improper Input Validation\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-1973\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-07T14:06:43.345Z\", \"dateReserved\": \"2023-04-10T23:29:16.249Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-11-07T10:01:57.995Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:4226
Vulnerability from csaf_redhat
Published
2025-04-28 00:20
Modified
2025-08-14 16:22
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:4226",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-29286",
"url": "https://issues.redhat.com/browse/JBEAP-29286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4226.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update",
"tracking": {
"current_release_date": "2025-08-14T16:22:11+00:00",
"generator": {
"date": "2025-08-14T16:22:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:4226",
"initial_release_date": "2025-04-28T00:20:32+00:00",
"revision_history": [
{
"date": "2025-04-28T00:20:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-28T00:20:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:22:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.11-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@5.0.3-2.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-2.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_id": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-14.SP13_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_id": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.11-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@5.0.3-2.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-2.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-14.SP13_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-debuginfo@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3690",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-08-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991299"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: buffer leak on incoming websocket PONG message may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although Red Hat OpenStack Platform packages the vulnerable code in Opendaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3690"
},
{
"category": "external",
"summary": "RHBZ#1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690"
}
],
"release_date": "2021-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: buffer leak on incoming websocket PONG message may lead to DoS"
},
{
"cve": "CVE-2021-3859",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2021-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: client side invocation timeout raised when calling over HTTP2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3859"
},
{
"category": "external",
"summary": "RHBZ#2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: client side invocation timeout raised when calling over HTTP2"
},
{
"cve": "CVE-2021-37714",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995259"
}
],
"notes": [
{
"category": "description",
"text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37714"
},
{
"category": "external",
"summary": "RHBZ#1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
},
{
"category": "external",
"summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck"
},
{
"cve": "CVE-2021-40690",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2011190"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-security: XPath Transform abuse allows for information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since OpenShift Container Platform (OCP) 4.7, the logging-elasticsearch6-container is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-40690"
},
{
"category": "external",
"summary": "RHBZ#2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xml-security: XPath Transform abuse allows for information disclosure"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
},
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Keke Lian \u0026 Haoran Zhao"
],
"organization": "System and Software Security Lab in Fudan University"
}
],
"cve": "CVE-2023-3223",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemoryError due to @MultipartConfig handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3223"
},
{
"category": "external",
"summary": "RHBZ#2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223"
}
],
"release_date": "2023-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: OutOfMemoryError due to @MultipartConfig handling"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:1674
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-08-14 16:26
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1674",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1674.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-08-14T16:26:58+00:00",
"generator": {
"date": "2025-08-14T16:26:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2024:1674",
"initial_release_date": "2024-04-04T15:23:51+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:26:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:1676
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-08-14 16:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1676",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1676.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-08-14T16:27:13+00:00",
"generator": {
"date": "2025-08-14T16:27:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2024:1676",
"initial_release_date": "2024-04-04T15:23:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:27:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:2763
Vulnerability from csaf_redhat
Published
2024-05-08 14:17
Modified
2025-08-14 16:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2763",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2763.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2025-08-14T16:27:55+00:00",
"generator": {
"date": "2025-08-14T16:27:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2024:2763",
"initial_release_date": "2024-05-08T14:17:10+00:00",
"revision_history": [
{
"date": "2024-05-08T14:17:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:17:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:27:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product_id": "Red Hat JBoss Enterprise Application Platform 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
rhsa-2024:1675
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-08-14 16:26
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1675",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1675.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-08-14T16:26:43+00:00",
"generator": {
"date": "2025-08-14T16:26:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2024:1675",
"initial_release_date": "2024-04-04T15:23:50+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:26:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-grouping@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:2764
Vulnerability from csaf_redhat
Published
2024-05-08 14:25
Modified
2025-08-14 16:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2764",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2764.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2025-08-14T16:27:41+00:00",
"generator": {
"date": "2025-08-14T16:27:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2024:2764",
"initial_release_date": "2024-05-08T14:25:09+00:00",
"revision_history": [
{
"date": "2024-05-08T14:25:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:25:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:27:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
rhsa-2024:1677
Vulnerability from csaf_redhat
Published
2024-04-04 15:22
Modified
2025-08-14 16:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1677",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1677.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-08-14T16:27:27+00:00",
"generator": {
"date": "2025-08-14T16:27:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2024:1677",
"initial_release_date": "2024-04-04T15:22:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:22:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-05T10:53:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:27:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2025:9583
Vulnerability from csaf_redhat
Published
2025-06-25 00:16
Modified
2025-08-14 16:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.13, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.3.z] (CVE-2023-1973)
* undertow: Infinite loop in SslConduit during close [eap-7.3.z] (CVE-2023-1108)
* undertow: OutOfMemoryError due to @MultipartConfig handling [eap-7.3.z] (CVE-2023-3223)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.3.z] (CVE-2024-1635)
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.3.z] (CVE-2024-1249)
* undertow: Server identity in https connection is not checked by the undertow client [eap-7.3.z] (CVE-2022-4492)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.3.z] (CVE-2022-1259)
* undertow: Large AJP request may cause DoS [eap-7.3.z] (CVE-2022-2053)
* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.3.z] (CVE-2023-5379)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures [eap-7.3.z] (CVE-2022-1319)
* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.3.z] (CVE-2024-1233)
* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.3.z] (CVE-2022-3143)
* netty-all: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.3.z] (CVE-2021-37137)
* netty-all: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [eap-7.3.z] (CVE-2021-37136)
* jackson-databind: denial of service via a large depth of nested objects [eap-7.3.z] (CVE-2020-36518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.13, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.3.z] (CVE-2023-1973)\n\n* undertow: Infinite loop in SslConduit during close [eap-7.3.z] (CVE-2023-1108)\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling [eap-7.3.z] (CVE-2023-3223)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.3.z] (CVE-2024-1635)\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.3.z] (CVE-2024-1249)\n\n* undertow: Server identity in https connection is not checked by the undertow client [eap-7.3.z] (CVE-2022-4492)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.3.z] (CVE-2022-1259)\n\n* undertow: Large AJP request may cause DoS [eap-7.3.z] (CVE-2022-2053)\n\n* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.3.z] (CVE-2023-5379)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures [eap-7.3.z] (CVE-2022-1319)\n\n* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.3.z] (CVE-2024-1233)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.3.z] (CVE-2022-3143)\n\n* netty-all: netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.3.z] (CVE-2021-37137)\n\n* netty-all: netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data [eap-7.3.z] (CVE-2021-37136)\n\n* jackson-databind: denial of service via a large depth of nested objects [eap-7.3.z] (CVE-2020-36518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9583",
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "2262918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-29448",
"url": "https://issues.redhat.com/browse/JBEAP-29448"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9583.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update",
"tracking": {
"current_release_date": "2025-08-14T16:12:16+00:00",
"generator": {
"date": "2025-08-14T16:12:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:9583",
"initial_release_date": "2025-06-25T00:16:10+00:00",
"revision_history": [
{
"date": "2025-06-25T00:16:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-25T00:16:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T16:12:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-5.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-5.Final_redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-5.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-4.SP5_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.14-3.GA_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-16.Final_redhat_00017.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-5.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-5.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-4.SP5_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-37136",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "RHBZ#2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
},
{
"cve": "CVE-2021-37137",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "RHBZ#2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
},
{
"cve": "CVE-2022-1259",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs because of an incomplete fix for CVE-2021-3629.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1259"
},
{
"category": "external",
"summary": "RHBZ#2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259"
}
],
"release_date": "2022-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
},
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Keke Lian \u0026 Haoran Zhao"
],
"organization": "System and Software Security Lab in Fudan University"
}
],
"cve": "CVE-2023-3223",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemoryError due to @MultipartConfig handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3223"
},
{
"category": "external",
"summary": "RHBZ#2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223"
}
],
"release_date": "2023-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: OutOfMemoryError due to @MultipartConfig handling"
},
{
"cve": "CVE-2023-5379",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: AJP Request closes connection exceeding maxRequestSize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5379"
},
{
"category": "external",
"summary": "RHBZ#2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5379",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: AJP Request closes connection exceeding maxRequestSize"
},
{
"acknowledgments": [
{
"names": [
"Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab"
]
}
],
"cve": "CVE-2024-1233",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: wildfly-elytron has a SSRF security issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The SSRF vulnerability in JwtValidator.resolvePublicKey is considered a moderate severity issue due to its potential to allow unauthorized internal network access and exposure of sensitive information, albeit with certain constraints. The vulnerability leverages the absence of URL whitelisting or filtering when resolving the jku header, which can be exploited to make HTTP requests to arbitrary URLs. While the immediate impact might not directly compromise sensitive data or system integrity, it opens a pathway for attackers to discover and interact with internal services, potentially leading to further exploitation. The exploitation complexity and the need for an attacker to craft a malicious JWT token mitigate the severity to a moderate level, as it requires a certain degree of knowledge and capability to execute effectively.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1233"
},
{
"category": "external",
"summary": "RHBZ#2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1233"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5",
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"
},
{
"category": "external",
"summary": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523",
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/WFLY-19226",
"url": "https://issues.redhat.com/browse/WFLY-19226"
}
],
"release_date": "2024-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: wildfly-elytron has a SSRF security issue"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
fkie_cve-2023-1973
Vulnerability from fkie_nvd
Published
2024-11-07 10:15
Modified
2024-11-08 19:01
Severity ?
Summary
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1674 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1675 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1676 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1677 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2763 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2764 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-1973 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2185662 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el paquete Undertow. Mediante el uso de FormAuthenticationMechanism, un usuario malintencionado podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes manipuladas, lo que provocar\u00eda un error de falta de memoria en el servidor y agotar\u00eda su memoria."
}
],
"id": "CVE-2023-1973",
"lastModified": "2024-11-08T19:01:03.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Primary"
}
]
},
"published": "2024-11-07T10:15:05.400",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
wid-sec-w-2024-1084
Vulnerability from csaf_certbund
Published
2024-05-09 22:00
Modified
2025-06-24 22:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1084 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1084.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1084 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1084"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2763 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2764 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "external",
"summary": "RedHat Security Advisory",
"url": "https://access.redhat.com/errata/RHSA-2024:3919"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9583 vom 2025-06-25",
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-24T22:00:00.000+00:00",
"generator": {
"date": "2025-06-25T11:36:08.854+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-1084",
"initial_release_date": "2024-05-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "T035142",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c8.0",
"product_id": "T034675"
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8.0",
"product_id": "T034675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"product_status": {
"known_affected": [
"67646",
"T035142",
"T034675"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1973"
},
{
"cve": "CVE-2023-4639",
"product_status": {
"known_affected": [
"67646",
"T035142",
"T034675"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4639"
},
{
"cve": "CVE-2024-1459",
"product_status": {
"known_affected": [
"67646",
"T035142",
"T034675"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-1459"
}
]
}
ghsa-97cq-f4jm-mv8h
Vulnerability from github
Published
2024-11-07 12:30
Modified
2024-11-07 18:10
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
6.6 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
VLAI Severity ?
Summary
Undertow Denial of Service vulnerability
Details
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.32.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0.Alpha1"
},
{
"fixed": "2.3.13.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1973"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-07T18:10:18Z",
"nvd_published_at": "2024-11-07T10:15:05Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"id": "GHSA-97cq-f4jm-mv8h",
"modified": "2024-11-07T18:10:18Z",
"published": "2024-11-07T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
},
{
"type": "WEB",
"url": "https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258"
},
{
"type": "WEB",
"url": "https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"type": "PACKAGE",
"url": "https://github.com/undertow-io/undertow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Undertow Denial of Service vulnerability"
}
gsd-2023-1973
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-1973",
"id": "GSD-2023-1973"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-1973"
],
"id": "GSD-2023-1973",
"modified": "2023-12-13T01:20:41.594867Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-1973",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…