CVE-2016-7046 (GCVE-0-2016-7046)
Vulnerability from cvelistv5 – Published: 2016-10-03 21:00 – Updated: 2024-08-06 01:50
- n/a
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2640.html | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:3458 | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2642.html | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:3455 | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2657.html | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:3456 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=1376646 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:3454 | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2641.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/93173 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2016:2642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2016:2657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2016:2641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"name": "93173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2016:2640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2016:2642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2016:2657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2016:2641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"name": "93173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2640",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2016:2642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2016:2657",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2016:2641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"name": "93173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7046",
"datePublished": "2016-10-03T21:00:00.000Z",
"dateReserved": "2016-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-7046",
"date": "2026-05-20",
"epss": "0.0406",
"percentile": "0.88653"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.\"}, {\"lang\": \"es\", \"value\": \"Red Hat JBoss Enterprise Application Platform (EAP) 7, cuando funciona como un proxy inverso con tama\\u00f1os de b\\u00fafer predeterminado, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (consumo de CPU y disco) a trav\\u00e9s de una URL larga.\"}]",
"id": "CVE-2016-7046",
"lastModified": "2024-11-21T02:57:21.050",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-10-03T21:59:07.127",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2640.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2641.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2642.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2657.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/93173\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3454\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3456\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3458\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1376646\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2640.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2641.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2642.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2657.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/93173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3454\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3456\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3458\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1376646\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-7046\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-10-03T21:59:07.127\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.\"},{\"lang\":\"es\",\"value\":\"Red Hat JBoss Enterprise Application Platform (EAP) 7, cuando funciona como un proxy inverso con tama\u00f1os de b\u00fafer predeterminado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU y disco) a trav\u00e9s de una URL larga.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\
"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2640.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2641.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2642.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2657.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/93173\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3454\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3455\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3456\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3458\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1376646\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2640.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2641.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2642.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2657.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB 
Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3458\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1376646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}"
}
}
CNVD-2016-08257
Vulnerability from cnvd - Published: 2016-09-29
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://www.redhat.com/en
| Name | Red Hat Undertow |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "93173"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-7046"
}
},
"description": "Red Hat Undertow\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u670d\u52a1\u5668\u3002\r\n\r\nRed Hat Undertow\u4e2d\u5b58\u5728\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u65e0\u9650\u5faa\u73af\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Timothy Walsh.",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.redhat.com/en",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-08257",
"openTime": "2016-09-29",
"products": {
"product": "Red Hat Undertow"
},
"referenceLink": "http://www.securityfocus.com/bid/93173",
"serverity": "\u4e2d",
"submitTime": "2016-09-28",
"title": "Red Hat Undertow\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2016-7046
Vulnerability from fkie_nvd - Published: 2016-10-03 21:59 - Updated: 2026-05-06 22:30
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BF3B2C-B121-483A-AEF2-8082F6DA5310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL."
},
{
"lang": "es",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) 7, cuando funciona como un proxy inverso con tama\u00f1os de b\u00fafer predeterminado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU y disco) a trav\u00e9s de una URL larga."
}
],
"id": "CVE-2016-7046",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-03T21:59:07.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93173"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3F57-W2RP-72FC
Vulnerability from github – Published: 2022-05-17 00:15 – Updated: 2022-11-08 12:43
A long URL proxy request lead to java.nio.BufferOverflowException in Undertow.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.3.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.25.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-7046"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-08T12:43:33Z",
"nvd_published_at": "2016-10-03T21:59:00Z",
"severity": "MODERATE"
},
"details": "A long URL proxy request lead to java.nio.BufferOverflowException in Undertow.",
"id": "GHSA-3f57-w2rp-72fc",
"modified": "2022-11-08T12:43:33Z",
"published": "2022-05-17T00:15:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046"
},
{
"type": "WEB",
"url": "https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"type": "PACKAGE",
"url": "https://github.com/undertow-io/undertow"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/UNDERTOW-835"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-7046"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Undertow Uncaught Exception vulnerability"
}
GSD-2016-7046
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2016-7046",
"description": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.",
"id": "GSD-2016-7046",
"references": [
"https://access.redhat.com/errata/RHSA-2017:3458",
"https://access.redhat.com/errata/RHSA-2017:3456",
"https://access.redhat.com/errata/RHSA-2017:3455",
"https://access.redhat.com/errata/RHSA-2017:3454",
"https://access.redhat.com/errata/RHSA-2016:2657",
"https://access.redhat.com/errata/RHSA-2016:2642",
"https://access.redhat.com/errata/RHSA-2016:2641",
"https://access.redhat.com/errata/RHSA-2016:2640"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-7046"
],
"details": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.",
"id": "GSD-2016-7046",
"modified": "2023-12-13T01:21:21.136972Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2640",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2016:2642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2016:2657",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2016:2641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"name": "93173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93173"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.3,1.3.25.Final],[1.4,1.4.3.Final],[2.Alpha0,2.0.0.Alpha1]",
"affected_versions": "All versions starting from 1.3 up to 1.3.25.Final, all versions starting from 1.4 up to 1.4.3.Final, all versions starting from 2.Alpha0 up to 2.0.0.Alpha1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-399",
"CWE-937"
],
"date": "2017-12-14",
"description": "Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.",
"fixed_versions": [
"2.0.1"
],
"identifier": "CVE-2016-7046",
"identifiers": [
"CVE-2016-7046"
],
"not_impacted": "All versions after 2.0.0.Alpha1",
"package_slug": "maven/io.undertow/undertow-core",
"pubdate": "2016-10-03",
"solution": "Upgrade to version 2.0.1 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://access.redhat.com/security/cve/CVE-2016-7046"
],
"uuid": "d9c73988-7819-44e9-921d-9798d497f66b"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7046"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93173",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93173"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"name": "RHSA-2016:2657",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"name": "RHSA-2016:2642",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"name": "RHSA-2016:2641",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"name": "RHSA-2016:2640",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-12-15T02:29Z",
"publishedDate": "2016-10-03T21:59Z"
}
}
}
RHSA-2016:2640
Vulnerability from csaf_redhat - Published: 2016-11-03 17:32 - Updated: 2026-03-18 01:43
It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.3 that fix several bugs and add various enhancements that are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification.\n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 7.0.3 Release Notes linked to in the References section for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service. (CVE-2016-7046)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2640",
"url": "https://access.redhat.com/errata/RHSA-2016:2640"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/?version=7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/?version=7.0/"
},
{
"category": "external",
"summary": "1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "JBEAP-5590",
"url": "https://issues.redhat.com/browse/JBEAP-5590"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2640.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.3 on RHEL 6",
"tracking": {
"current_release_date": "2026-03-18T01:43:40+00:00",
"generator": {
"date": "2026-03-18T01:43:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2016:2640",
"initial_release_date": "2016-11-03T17:32:41+00:00",
"revision_history": [
{
"date": "2016-11-03T17:32:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-03T17:32:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T01:43:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.3-4.GA_redhat_2.1.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7046",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376646"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7046"
},
{
"category": "external",
"summary": "RHBZ#1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T17:32:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2640"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS"
}
]
}
RHSA-2016:2641
Vulnerability from csaf_redhat - Published: 2016-11-03 17:32 - Updated: 2026-03-18 01:43
It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provides Red Hat JBoss Enterprise Application Platform 7.0.3, fixes several bugs, and adds various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification.\n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 7.0.3 Release Notes linked to in the References section for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service. (CVE-2016-7046)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2641",
"url": "https://access.redhat.com/errata/RHSA-2016:2641"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0"
},
{
"category": "external",
"summary": "1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "JBEAP-5591",
"url": "https://issues.redhat.com/browse/JBEAP-5591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2641.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.3 for RHEL 7",
"tracking": {
"current_release_date": "2026-03-18T01:43:44+00:00",
"generator": {
"date": "2026-03-18T01:43:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2016:2641",
"initial_release_date": "2016-11-03T17:32:11+00:00",
"revision_history": [
{
"date": "2016-11-03T17:32:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-03T17:32:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T01:43:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.3-4.GA_redhat_2.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7046",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376646"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7046"
},
{
"category": "external",
"summary": "RHBZ#1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T17:32:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2641"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS"
}
]
}
RHSA-2016:2642
Vulnerability from csaf_redhat - Published: 2016-11-03 17:52 - Updated: 2026-03-18 01:43

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src | | — | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch | | — | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The jboss-ec2-eap package that adds an enhancement is now available for Red Hat JBoss Enterprise Application Platform 7.0.3 on Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.3. Refer to the JBoss Enterprise Application Platform 7.0.3 Release Notes, linked to in the References section, for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service. (CVE-2016-7046)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2642",
"url": "https://access.redhat.com/errata/RHSA-2016:2642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0"
},
{
"category": "external",
"summary": "1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "JBEAP-5593",
"url": "https://issues.redhat.com/browse/JBEAP-5593"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2642.json"
}
],
"title": "Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.0.3",
"tracking": {
"current_release_date": "2026-03-18T01:43:42+00:00",
"generator": {
"date": "2026-03-18T01:43:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2016:2642",
"initial_release_date": "2016-11-03T17:52:35+00:00",
"revision_history": [
{
"date": "2016-11-03T17:52:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-03T17:52:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T01:43:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src",
"product": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src",
"product_id": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.0.3-3.GA_redhat_2.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src",
"product": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src",
"product_id": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.0.3-3.GA_redhat_2.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"product_id": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.0.3-3.GA_redhat_2.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"product_id": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap-samples@7.0.3-3.GA_redhat_2.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"product_id": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.0.3-3.GA_redhat_2.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"product_id": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap-samples@7.0.3-3.GA_redhat_2.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src"
},
"product_reference": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src"
},
"product_reference": "eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7046",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376646"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7046"
},
{
"category": "external",
"summary": "RHBZ#1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T17:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2642"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el6.noarch",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-0:7.0.3-3.GA_redhat_2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-ec2-eap-samples-0:7.0.3-3.GA_redhat_2.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS"
}
]
}
RHSA-2016:2657
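Vulnerability from csaf_redhat - Published: 2016-11-04 15:37 - Updated: 2026-03-18 01:43

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.

Note: the remediation text in the record below states that the JBoss server process must be restarted for the update to take effect, even though the record's `restart_required` category is `none`; plan for a restart when applying this fix.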
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat JBoss EAP 7 (Red Hat / Red Hat JBoss Enterprise Application Platform) | cpe:/a:redhat:jboss_enterprise_application_platform:7 | — | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.3, fix several bugs, and add various enhancements are now available from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification.\n\nThis release serves as an update for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 7.0.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service. (CVE-2016-7046)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2657",
"url": "https://access.redhat.com/errata/RHSA-2016:2657"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/"
},
{
"category": "external",
"summary": "1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2657.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.3",
"tracking": {
"current_release_date": "2026-03-18T01:43:53+00:00",
"generator": {
"date": "2026-03-18T01:43:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2016:2657",
"initial_release_date": "2016-11-04T15:37:41+00:00",
"revision_history": [
{
"date": "2016-11-04T15:37:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:40:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T01:43:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7",
"product": {
"name": "Red Hat JBoss EAP 7",
"product_id": "Red Hat JBoss EAP 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7046",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376646"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7046"
},
{
"category": "external",
"summary": "RHBZ#1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-04T15:37:41+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2657"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS"
}
]
}
RHSA-2016_2640
Vulnerability from csaf_redhat - Published: 2016-11-03 17:32 - Updated: 2024-11-22 10:17

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch | | — | Vendor Fix (fix) |
| Unresolved product id: 6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src | | — | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.3, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification.\n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 7.0.3 Release Notes linked to in the References section for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service. (CVE-2016-7046)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2640",
"url": "https://access.redhat.com/errata/RHSA-2016:2640"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/?version=7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/?version=7.0/"
},
{
"category": "external",
"summary": "1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "JBEAP-5590",
"url": "https://issues.redhat.com/browse/JBEAP-5590"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2640.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.3 on RHEL 6",
"tracking": {
"current_release_date": "2024-11-22T10:17:33+00:00",
"generator": {
"date": "2024-11-22T10:17:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:2640",
"initial_release_date": "2016-11-03T17:32:41+00:00",
"revision_history": [
{
"date": "2016-11-03T17:32:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-03T17:32:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T10:17:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.3-4.GA_redhat_2.1.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7046",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376646"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7046"
},
{
"category": "external",
"summary": "RHBZ#1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T17:32:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2640"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el6.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS"
}
]
}
RHSA-2016_2641
Vulnerability from csaf_redhat - Published: 2016-11-03 17:32 - Updated: 2024-11-22 10:17

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provides Red Hat JBoss Enterprise Application Platform 7.0.3, fixes several bugs, and adds various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification.\n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 7.0.3 Release Notes linked to in the References section for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service. (CVE-2016-7046)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2641",
"url": "https://access.redhat.com/errata/RHSA-2016:2641"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/703-release-notes/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0"
},
{
"category": "external",
"summary": "1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "JBEAP-5591",
"url": "https://issues.redhat.com/browse/JBEAP-5591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2641.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.3 for RHEL 7",
"tracking": {
"current_release_date": "2024-11-22T10:17:38+00:00",
"generator": {
"date": "2024-11-22T10:17:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:2641",
"initial_release_date": "2016-11-03T17:32:11+00:00",
"revision_history": [
{
"date": "2016-11-03T17:32:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-03T17:32:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T10:17:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.3-4.GA_redhat_2.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"product_id": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.11.0-24.SP5_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.25-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.11-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.21-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.0-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.3-2.GA_redhat_3.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.3-4.GA_redhat_2.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7046",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376646"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7046"
},
{
"category": "external",
"summary": "RHBZ#1376646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T17:32:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2641"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-0:5.0.11-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.11-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.21-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.0-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.25-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.3-4.GA_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.3-2.GA_redhat_3.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.3-4.GA_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-xerces-j2-0:2.11.0-24.SP5_redhat_1.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.