Action not permitted
Modal body text goes here.
CVE-2018-10862
Vulnerability from cvelistv5
Published
2018-07-27 14:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2276 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2277 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2279 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2423 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2424 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2425 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2428 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2643 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:0877 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862 | Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://snyk.io/research/zip-slip-vulnerability | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" }, { "name": "RHSA-2018:2428", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "name": "RHSA-2018:2643", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "name": "RHSA-2018:2279", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "name": "RHSA-2018:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "name": "RHSA-2018:2276", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "name": "RHSA-2018:2423", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "name": "RHSA-2018:2425", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "name": "RHSA-2018:2277", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "name": "RHSA-2019:0877", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-24T21:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" }, { "name": "RHSA-2018:2428", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "name": "RHSA-2018:2643", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "name": "RHSA-2018:2279", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "name": "RHSA-2018:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "name": "RHSA-2018:2276", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "name": "RHSA-2018:2423", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "name": "RHSA-2018:2425", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "name": "RHSA-2018:2277", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "name": "RHSA-2019:0877", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10862", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/research/zip-slip-vulnerability", "refsource": "MISC", "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" }, { "name": "RHSA-2018:2428", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "name": "RHSA-2018:2643", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "name": "RHSA-2018:2279", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "name": "RHSA-2018:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "name": "RHSA-2018:2276", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "name": "RHSA-2018:2423", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "name": "RHSA-2018:2425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "name": "RHSA-2018:2277", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "name": "RHSA-2019:0877", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10862", "datePublished": "2018-07-27T14:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-10862\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-27T14:29:00.300\",\"lastModified\":\"2019-04-26T15:08:27.273\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability.\"},{\"lang\":\"es\",\"value\":\"WildFly Core en versiones anteriores a la 6.0.0.0.Alpha3 no valida correctamente las rutas de los archivos en los archivos .war, lo que permite la extracci\u00f3n de archivos .war manipulados para sobrescribir archivos arbitrarios. Este es un ejemplo de la vulnerabilidad \u0027Zip Slip\u0027.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868C0845-F25C-487F-A697-72917BE9D78E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868C0845-F25C-487F-A697-72917BE9D78E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:wildfly_core:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.0\",\"matchCriteriaId\":\"63F50451-C638-4975-8F48-A303C4D83B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:wildfly_core:6.0.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F9734C-F9ED-4DAA-AE32-4F1753360039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:wildfly_core:6.0.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E601F1DC-ABB5-46DA-B124-AB08F3069A36\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2276\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2277\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2279\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2423\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2424\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2425\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2428\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2643\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0877\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://snyk.io/research/zip-slip-vulnerability\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2018_2643
Vulnerability from csaf_redhat
Published
2018-09-04 14:10
Modified
2024-11-15 03:05
Summary
Red Hat Security Advisory: rhvm-appliance security update
Notes
Topic
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.
The following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1590658, BZ#1591095, BZ#1591096, BZ#1592655, BZ#1594636, BZ#1597534, BZ#1612683)
Red Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915 and Ammarit Thongthua (Deloitte Thailand Pentest team) and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915.
Security fixes:
* vulnerability: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)
* vulnerability: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
* vulnerability: postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)
* vulnerability: undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of ) (CVE-2018-1067, CVE-2016-4993)
* vulnerability: undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
* vulnerability: guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* vulnerability: bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nThe following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1590658, BZ#1591095, BZ#1591096, BZ#1592655, BZ#1594636, BZ#1597534, BZ#1612683)\n\nRed Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915 and Ammarit Thongthua (Deloitte Thailand Pentest team) and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915.\n\nSecurity fixes:\n\n* vulnerability: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)\n\n* vulnerability: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\n* vulnerability: postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)\n\n* vulnerability: undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of ) (CVE-2018-1067, CVE-2016-4993)\n\n* vulnerability: undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)\n\n* vulnerability: guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)\n\n* vulnerability: bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2643", "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "1573045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045" }, { "category": "external", "summary": "1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "1609891", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609891" }, { "category": "external", "summary": "1616249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616249" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2643.json" } ], "title": "Red Hat Security Advisory: rhvm-appliance security update", "tracking": { "current_release_date": "2024-11-15T03:05:56+00:00", "generator": { "date": "2024-11-15T03:05:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2643", "initial_release_date": "2018-09-04T14:10:19+00:00", "revision_history": [ { "date": "2018-09-04T14:10:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-09-04T14:10:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T03:05:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product": { "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } }, { "category": "product_name", "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product": { "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "rhvm-appliance-2:4.2-20180828.0.el7.src", "product": { "name": "rhvm-appliance-2:4.2-20180828.0.el7.src", "product_id": "rhvm-appliance-2:4.2-20180828.0.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20180828.0.el7?arch=src\u0026epoch=2" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rhvm-appliance-2:4.2-20180828.0.el7.noarch", "product": { "name": "rhvm-appliance-2:4.2-20180828.0.el7.noarch", "product_id": "rhvm-appliance-2:4.2-20180828.0.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20180828.0.el7?arch=noarch\u0026epoch=2" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180828.0.el7.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch" }, "product_reference": "rhvm-appliance-2:4.2-20180828.0.el7.noarch", "relates_to_product_reference": "7Server-RHEV-4-Agents-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180828.0.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src" }, "product_reference": "rhvm-appliance-2:4.2-20180828.0.el7.src", "relates_to_product_reference": "7Server-RHEV-4-Agents-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180828.0.el7.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch" }, "product_reference": "rhvm-appliance-2:4.2-20180828.0.el7.noarch", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180828.0.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" }, "product_reference": "rhvm-appliance-2:4.2-20180828.0.el7.src", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Ammarit Thongthua", "Nattakit Intarasorn" ], "organization": "Deloitte Thailand Pentest team" } ], "cve": "CVE-2018-1067", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2018-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1550671" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1067" }, { "category": "external", "summary": "RHBZ#1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" } ], "release_date": "2018-04-25T17:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-04T14:10:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2643" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)" }, { "cve": "CVE-2018-1114", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-04-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573045" } ], "notes": [ { "category": "description", "text": "It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1114" }, { "category": "external", "summary": "RHBZ#1573045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1114", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114" }, { "category": "external", "summary": "https://bugs.openjdk.java.net/browse/JDK-6956385", "url": "https://bugs.openjdk.java.net/browse/JDK-6956385" }, { "category": "external", "summary": "https://issues.jboss.org/browse/UNDERTOW-1338", "url": "https://issues.jboss.org/browse/UNDERTOW-1338" } ], "release_date": "2018-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-04T14:10:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2643" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service" }, { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-04T14:10:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2643" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10237", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573391" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Openshift Application Runtimes: Eclipse Vert.x is not exploitable by this flaw, though the vulnerable code is a transient dependency to the product. This issue may be addressed in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10237" }, { "category": "external", "summary": "RHBZ#1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237" }, { "category": "external", "summary": "https://github.com/google/guava/wiki/CVE-2018-10237", "url": "https://github.com/google/guava/wiki/CVE-2018-10237" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion", "url": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-04T14:10:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2643" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-04T14:10:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2643" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" }, { "acknowledgments": [ { "names": [ "the PostgreSQL project" ] }, { "names": [ "Andrew Krasichkov" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2018-10915", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2018-07-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1609891" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: Certain host connection parameters defeat client-side security defenses", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is only exploitable where an attacker can provide or influence connection parameters to a PostgreSQL client application using libpq. Contrib modules \"dblink\" and \"postgres_fdw\" are examples of applications affected by this flaw.\n\nRed Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. A future update may address this issue.\n\nThis issue affects the versions of the rh-postgresql95-postgresql package as shipped with Red Hat Satellite 5.7 and 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5. A future update may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10915" }, { "category": "external", "summary": "RHBZ#1609891", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609891" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10915", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10915" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10915", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10915" }, { "category": "external", "summary": "https://www.postgresql.org/about/news/1878/", "url": "https://www.postgresql.org/about/news/1878/" } ], "release_date": "2018-08-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-04T14:10:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2643" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql: Certain host connection parameters defeat client-side security defenses" }, { "cve": "CVE-2018-1000180", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588306" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: flaw in the low-level interface to RSA key pair generator", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "RHBZ#1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-04T14:10:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2643" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180828.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180828.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: flaw in the low-level interface to RSA key pair generator" } ] }
rhsa-2018_2279
Vulnerability from csaf_redhat
Published
2018-07-26 15:49
Modified
2024-11-15 03:05
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.2 from the
Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2.
Security Fix(es):
* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.2 from the\nCustomer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications.\n\nThis asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2.\n\nSecurity Fix(es):\n\n* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2279", "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2279.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.2 security update", "tracking": { "current_release_date": "2024-11-15T03:05:54+00:00", "generator": { "date": "2024-11-15T03:05:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2279", "initial_release_date": "2018-07-26T15:49:25+00:00", "revision_history": [ { "date": "2018-07-26T15:49:25+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-07-26T15:49:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T03:05:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.2", "product": { "name": "Red Hat Single Sign-On 7.2", "product_id": "Red Hat Single Sign-On 7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.2" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-26T15:49:25+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2279" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-26T15:49:25+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2279" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" } ] }
rhsa-2018_2425
Vulnerability from csaf_redhat
Published
2018-08-15 11:20
Modified
2024-11-22 11:59
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.
This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\n* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)\n\n* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)\n\n* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2425", "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/" }, { "category": "external", "summary": "1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2425.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update", "tracking": { "current_release_date": "2024-11-22T11:59:59+00:00", "generator": { "date": "2024-11-22T11:59:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2425", "initial_release_date": "2018-08-15T11:20:08+00:00", "revision_history": [ { "date": "2018-08-15T11:20:08+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-15T11:20:08+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T11:59:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.1", "product": { "name": "Red Hat JBoss EAP 7.1", "product_id": "Red Hat JBoss EAP 7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-12624", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-11-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1515976" } ], "notes": [ { "category": "description", "text": "Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property \"attachment-max-header-size\".", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12624" }, { "category": "external", "summary": "RHBZ#1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12624", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624" } ], "release_date": "2017-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:20:08+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2425" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services" }, { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:20:08+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2425" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10237", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573391" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Openshift Application Runtimes: Eclipse Vert.x is not exploitable by this flaw, though the vulnerable code is a transient dependency to the product. This issue may be addressed in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10237" }, { "category": "external", "summary": "RHBZ#1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237" }, { "category": "external", "summary": "https://github.com/google/guava/wiki/CVE-2018-10237", "url": "https://github.com/google/guava/wiki/CVE-2018-10237" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion", "url": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:20:08+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2425" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:20:08+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2425" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" }, { "cve": "CVE-2018-1000180", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588306" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: flaw in the low-level interface to RSA key pair generator", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "RHBZ#1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:20:08+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2425" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: flaw in the low-level interface to RSA key pair generator" } ] }
rhsa-2018_2277
Vulnerability from csaf_redhat
Published
2018-07-26 15:39
Modified
2024-11-15 03:06
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.
This asynchronous patch is a security update for apache-cxf package in Red Hat JBoss Enterprise Application Platform 7.1
Security Fix(es):
* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.\n\nThis asynchronous patch is a security update for apache-cxf package in Red Hat JBoss Enterprise Application Platform 7.1 \n\nSecurity Fix(es):\n\n* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2277", "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1/" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2277.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update", "tracking": { "current_release_date": "2024-11-15T03:06:07+00:00", "generator": { "date": "2024-11-15T03:06:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2277", "initial_release_date": "2018-07-26T15:39:46+00:00", "revision_history": [ { "date": "2018-07-26T15:39:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-07-26T15:39:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T03:06:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.1", "product": { "name": "Red Hat JBoss EAP 7.1", "product_id": "Red Hat JBoss EAP 7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-26T15:39:46+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2277" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-26T15:39:46+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2277" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" } ] }
rhsa-2018_2276
Vulnerability from csaf_redhat
Published
2018-07-26 15:49
Modified
2024-11-15 03:05
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.
This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1
Security Fix(es):
* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.\n\nThis asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1 \n\nSecurity Fix(es):\n\n* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2276", "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2276.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update", "tracking": { "current_release_date": "2024-11-15T03:05:39+00:00", "generator": { "date": "2024-11-15T03:05:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2276", "initial_release_date": "2018-07-26T15:49:17+00:00", "revision_history": [ { "date": "2018-07-26T15:49:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-07-26T15:49:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T03:05:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "product": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src", "product": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src", "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "product": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "product": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "product": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "product": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "product_id": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.3-4.GA_redhat_3.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "product_id": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.3-4.GA_redhat_3.1.ep7.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-26T15:49:17+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe JBoss server process must be restarted for the update to take effect.\n\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-26T15:49:17+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe JBoss server process must be restarted for the update to take effect.\n\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" } ] }
rhsa-2019_0877
Vulnerability from csaf_redhat
Published
2019-04-24 18:46
Modified
2024-11-15 00:41
Summary
Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security & bug fix update
Notes
Topic
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)
* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)
* undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
* keycloak: infinite loop in session replacement leading to denial of service (CVE-2018-10912)
* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)\n\n* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)\n\n* undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)\n\n* keycloak: infinite loop in session replacement leading to denial of service (CVE-2018-10912)\n\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:0877", "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.4.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.4.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/rhoar_thorntail_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/rhoar_thorntail_release_notes/" }, { "category": "external", "summary": "1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "1573045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045" }, { "category": "external", "summary": "1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1599434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434" }, { "category": "external", "summary": "1607624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607624" }, { "category": "external", "summary": "1666415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415" }, { "category": "external", "summary": "1666418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418" }, { "category": "external", "summary": "1666482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482" }, { "category": "external", "summary": "1666484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484" }, { "category": "external", "summary": "1666489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489" }, { "category": "external", "summary": "1671096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096" }, { "category": "external", "summary": "1671097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097" }, { "category": "external", "summary": "1677341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0877.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security \u0026 bug fix update", "tracking": { "current_release_date": "2024-11-15T00:41:17+00:00", "generator": { "date": "2024-11-15T00:41:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:0877", "initial_release_date": "2019-04-24T18:46:31+00:00", "revision_history": [ { "date": "2019-04-24T18:46:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-04-24T18:46:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T00:41:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Text-Only RHOAR", "product": { "name": "Text-Only RHOAR", "product_id": "Text-Only RHOAR", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Ammarit Thongthua", "Nattakit Intarasorn" ], "organization": "Deloitte Thailand Pentest team" } ], "cve": "CVE-2018-1067", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2018-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1550671" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1067" }, { "category": "external", "summary": "RHBZ#1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" } ], "release_date": "2018-04-25T17:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)" }, { "cve": "CVE-2018-1114", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-04-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573045" } ], "notes": [ { "category": "description", "text": "It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1114" }, { "category": "external", "summary": "RHBZ#1573045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1114", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114" }, { "category": "external", "summary": "https://bugs.openjdk.java.net/browse/JDK-6956385", "url": "https://bugs.openjdk.java.net/browse/JDK-6956385" }, { "category": "external", "summary": "https://issues.jboss.org/browse/UNDERTOW-1338", "url": "https://issues.jboss.org/browse/UNDERTOW-1338" } ], "release_date": "2018-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" }, { "acknowledgments": [ { "names": [ "Benjamin Berg" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2018-10894", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2018-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1599434" } ], "notes": [ { "category": "description", "text": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: auth permitted with expired certs in SAML client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10894" }, { "category": "external", "summary": "RHBZ#1599434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10894", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10894" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894" } ], "release_date": "2018-07-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: auth permitted with expired certs in SAML client" }, { "cve": "CVE-2018-10912", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2018-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1607624" } ], "notes": [ { "category": "description", "text": "keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: infinite loop in session replacement leading to denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10912" }, { "category": "external", "summary": "RHBZ#1607624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607624" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10912", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10912" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10912", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10912" } ], "release_date": "2018-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: infinite loop in session replacement leading to denial of service" }, { "cve": "CVE-2018-11307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1677341" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-11307" }, { "category": "external", "summary": "RHBZ#1677341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-11307", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307" } ], "release_date": "2018-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis" }, { "cve": "CVE-2018-12022", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1671097" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12022" }, { "category": "external", "summary": "RHBZ#1671097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12022", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library" }, { "cve": "CVE-2018-12023", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1671096" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Oracle\u0027s JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle\u0027s JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12023" }, { "category": "external", "summary": "RHBZ#1671096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12023", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023" } ], "release_date": "2018-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver" }, { "cve": "CVE-2018-14718", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666415" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in slf4j-ext class", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle slf4j-ext jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14718" }, { "category": "external", "summary": "RHBZ#1666415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14718", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: arbitrary code execution in slf4j-ext class" }, { "cve": "CVE-2018-14719", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666418" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14719" }, { "category": "external", "summary": "RHBZ#1666418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14719", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes" }, { "cve": "CVE-2018-19360", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666482" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19360" }, { "category": "external", "summary": "RHBZ#1666482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19360", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class" }, { "cve": "CVE-2018-19361", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666484" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in openjpa class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19361" }, { "category": "external", "summary": "RHBZ#1666484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19361", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in openjpa class" }, { "cve": "CVE-2018-19362", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666489" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in jboss-common-core class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19362" }, { "category": "external", "summary": "RHBZ#1666489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19362", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in jboss-common-core class" }, { "cve": "CVE-2018-1000180", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588306" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: flaw in the low-level interface to RSA key pair generator", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "RHBZ#1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-04-24T18:46:31+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: flaw in the low-level interface to RSA key pair generator" } ] }
rhsa-2020_2562
Vulnerability from csaf_redhat
Published
2020-06-15 16:13
Modified
2024-11-15 03:23
Summary
Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 13 security update
Notes
Topic
This is a security update for JBoss EAP Continuous Delivery 13.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform CD13 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD13 includes bug fixes and enhancements.
Security Fix(es):
* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)
* undertow: client can use bogus uri in digest authentication (CVE-2017-12196)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "This is a security update for JBoss EAP Continuous Delivery 13.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform CD13 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform CD13 includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)\n* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)\n* undertow: client can use bogus uri in digest authentication (CVE-2017-12196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2562", "url": "https://access.redhat.com/errata/RHSA-2020:2562" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1503055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2562.json" } ], "title": "Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 13 security update", "tracking": { "current_release_date": "2024-11-15T03:23:30+00:00", "generator": { "date": "2024-11-15T03:23:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2562", "initial_release_date": "2020-06-15T16:13:47+00:00", "revision_history": [ { "date": "2020-06-15T16:13:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-06-15T16:13:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T03:23:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "product": { "name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "product_id": "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:13" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Jan Stourac" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2017-12196", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-10-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503055" } ], "notes": [ { "category": "description", "text": "It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. This allows the attacker to execute a MITM attack and access the desired content on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Client can use bogus uri in Digest authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12196" }, { "category": "external", "summary": "RHBZ#1503055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12196", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196" } ], "release_date": "2018-03-12T15:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:13:47+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Client can use bogus uri in Digest authentication" }, { "acknowledgments": [ { "names": [ "Ammarit Thongthua", "Nattakit Intarasorn" ], "organization": "Deloitte Thailand Pentest team" } ], "cve": "CVE-2018-1067", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2018-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1550671" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1067" }, { "category": "external", "summary": "RHBZ#1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" } ], "release_date": "2018-04-25T17:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:13:47+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)" }, { "cve": "CVE-2018-7489", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1549276" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates.\n\nSatellite 6.2 does not support c3p0 classes. Since the latter are required for this flaw, therefore Satellite 6.2 is not affected. Satellite 6.3 and 6.4 are not affected because Candlepin does not use polymorphic deserialization.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7489" }, { "category": "external", "summary": "RHBZ#1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2018-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:13:47+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2562" }, { "category": "workaround", "details": "Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:\n\nhttps://access.redhat.com/solutions/3279231\nhttps://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization\n\nGeneral Mitigation: \nTry to avoid \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries" }, { "cve": "CVE-2018-10237", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573391" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Openshift Application Runtimes: Eclipse Vert.x is not exploitable by this flaw, though the vulnerable code is a transient dependency to the product. This issue may be addressed in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10237" }, { "category": "external", "summary": "RHBZ#1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237" }, { "category": "external", "summary": "https://github.com/google/guava/wiki/CVE-2018-10237", "url": "https://github.com/google/guava/wiki/CVE-2018-10237" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion", "url": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:13:47+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:13:47+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" } ] }
rhsa-2020_2321
Vulnerability from csaf_redhat
Published
2020-05-26 16:09
Modified
2024-11-25 12:14
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.6 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.6 serves as a replacement for Red Hat Data Grid 7.3.5 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)
* apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* netty: HTTP request smuggling (CVE-2019-20444)
* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
* thrift: Endless loop when feed with specific input data (CVE-2019-0205)
* thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)
* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)
* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.6 serves as a replacement for Red Hat Data Grid 7.3.5 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)\n\n* apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* netty: HTTP request smuggling (CVE-2019-20444)\n\n* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2321", "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=patches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=patches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1738673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673" }, { "category": "external", "summary": "1755849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849" }, { "category": "external", "summary": "1758167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167" }, { "category": "external", "summary": "1758187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187" }, { "category": "external", "summary": "1758191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191" }, { "category": "external", "summary": "1758619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619" }, { "category": "external", "summary": "1764607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764607" }, { "category": "external", "summary": "1764612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764612" }, { "category": "external", "summary": "1767483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483" }, { "category": "external", "summary": "1796225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225" }, { "category": "external", "summary": "1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "1798524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2321.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.6 security update", "tracking": { "current_release_date": "2024-11-25T12:14:09+00:00", "generator": { "date": "2024-11-25T12:14:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2321", "initial_release_date": "2020-05-26T16:09:04+00:00", "revision_history": [ { "date": "2020-05-26T16:09:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-26T16:09:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:14:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 7.3.6", "product": { "name": "Red Hat Data Grid 7.3.6", "product_id": "Red Hat Data Grid 7.3.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" }, { "cve": "CVE-2019-0205", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1764612" } ], "notes": [ { "category": "description", "text": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: Endless loop when feed with specific input data", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains a vulnerable version of libthrift. However, OpenDaylight does not expose libthrift in a vulnerable way, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe thrift package in OpenShift Container Platform is installed only in Curator images in the Logging stack. The affected code is included in this package, it\u0027s functionality is not used. This vulnerability is therefore rated Low for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0205" }, { "category": "external", "summary": "RHBZ#1764612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0205", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0205", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0205" } ], "release_date": "2019-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "thrift: Endless loop when feed with specific input data" }, { "cve": "CVE-2019-0210", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1764607" } ], "notes": [ { "category": "description", "text": "In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains a vulnerable version of libthrift. However, OpenDaylight is not affected as this is a Golang specific problem, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe version of thrift delivered in OpenShift Container Platform is not affected by this vulnerability as it does not contain the affected code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0210" }, { "category": "external", "summary": "RHBZ#1764607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764607" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0210", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0210" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0210", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0210" } ], "release_date": "2019-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol" }, { "cve": "CVE-2019-10086", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-10-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1767483" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10086" }, { "category": "external", "summary": "RHBZ#1767483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt", "url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt" } ], "release_date": "2019-08-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default" }, { "acknowledgments": [ { "names": [ "Dominik Mizyn" ], "organization": "Samsung R\u0026D Institute Poland" } ], "cve": "CVE-2019-10219", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1738673" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: safeHTML validator allows XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10219" }, { "category": "external", "summary": "RHBZ#1738673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10219" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219" } ], "release_date": "2019-08-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: safeHTML validator allows XSS" }, { "cve": "CVE-2019-14540", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1755849" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14540" }, { "category": "external", "summary": "RHBZ#1755849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540" } ], "release_date": "2019-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig" }, { "cve": "CVE-2019-16869", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758619" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16869" }, { "category": "external", "summary": "RHBZ#1758619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869" } ], "release_date": "2019-09-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers" }, { "cve": "CVE-2019-16942", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758187" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16942" }, { "category": "external", "summary": "RHBZ#1758187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942" } ], "release_date": "2019-09-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*" }, { "cve": "CVE-2019-16943", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758191" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16943" }, { "category": "external", "summary": "RHBZ#1758191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943" } ], "release_date": "2019-09-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource" }, { "cve": "CVE-2019-17267", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758167" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in classes of the ehcache package", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17267" }, { "category": "external", "summary": "RHBZ#1758167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267" } ], "release_date": "2019-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in classes of the ehcache package" }, { "cve": "CVE-2019-20444", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798524" } ], "notes": [ { "category": "description", "text": "A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not pose a substantial practical threat to ElasticSearch 6. We agree that these issues would be difficult to exploit on OpenShift Container Platform so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20444" }, { "category": "external", "summary": "RHBZ#1798524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20444", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444" }, { "category": "external", "summary": "https://github.com/elastic/elasticsearch/issues/49396", "url": "https://github.com/elastic/elasticsearch/issues/49396" } ], "release_date": "2020-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP request smuggling" }, { "cve": "CVE-2019-20445", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798509" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20445" }, { "category": "external", "summary": "RHBZ#1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445" } ], "release_date": "2020-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header" }, { "cve": "CVE-2020-7238", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796225" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7238" }, { "category": "external", "summary": "RHBZ#1796225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7238", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238" }, { "category": "external", "summary": "https://netty.io/news/2019/12/18/4-1-44-Final.html", "url": "https://netty.io/news/2019/12/18/4-1-44-Final.html" } ], "release_date": "2020-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-26T16:09:04+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.6 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.6 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Data Grid 7.3.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.6" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling" } ] }
rhsa-2018_2428
Vulnerability from csaf_redhat
Published
2018-08-15 11:28
Modified
2024-11-22 12:00
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.2.4 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2021-07-07 UPDATE: The advisory was originally published with incomplete informational links and has been republished to update those links. NO CODE HAS CHANGED WITH THIS UPDATE, AND NO ACTION IS REQUIRED.]
Details
Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.2.4 serves as a replacement for Red Hat Single Sign-On 7.2.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
* keycloak: infinite loop in session replacement leading to denial of service (CVE-2018-10912)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2021-07-07 UPDATE: The advisory was originally published with incomplete informational links and has been republished to update those links. NO CODE HAS CHANGED WITH THIS UPDATE, AND NO ACTION IS REQUIRED.]", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.2.4 serves as a replacement for Red Hat Single Sign-On 7.2.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\n* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)\n\n* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)\n\n* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\n* keycloak: infinite loop in session replacement leading to denial of service (CVE-2018-10912)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2428", "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2" }, { "category": "external", "summary": "1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "1607624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607624" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2428.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.2.4 security update", "tracking": { "current_release_date": "2024-11-22T12:00:04+00:00", "generator": { "date": "2024-11-22T12:00:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2428", "initial_release_date": "2018-08-15T11:28:37+00:00", "revision_history": [ { "date": "2018-08-15T11:28:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-07T21:09:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T12:00:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.2.4 zip", "product": { "name": "Red Hat Single Sign-On 7.2.4 zip", "product_id": "Red Hat Single Sign-On 7.2.4 zip", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.2" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-12624", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-11-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1515976" } ], "notes": [ { "category": "description", "text": "Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property \"attachment-max-header-size\".", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2.4 zip" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12624" }, { "category": "external", "summary": "RHBZ#1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12624", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624" } ], "release_date": "2017-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:28:37+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2.4 zip" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2.4 zip" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services" }, { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2.4 zip" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:28:37+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2.4 zip" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2.4 zip" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10237", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573391" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Openshift Application Runtimes: Eclipse Vert.x is not exploitable by this flaw, though the vulnerable code is a transient dependency to the product. This issue may be addressed in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2.4 zip" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10237" }, { "category": "external", "summary": "RHBZ#1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237" }, { "category": "external", "summary": "https://github.com/google/guava/wiki/CVE-2018-10237", "url": "https://github.com/google/guava/wiki/CVE-2018-10237" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion", "url": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:28:37+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2.4 zip" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2.4 zip" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2.4 zip" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:28:37+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2.4 zip" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2.4 zip" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" }, { "cve": "CVE-2018-10912", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2018-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1607624" } ], "notes": [ { "category": "description", "text": "keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: infinite loop in session replacement leading to denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2.4 zip" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10912" }, { "category": "external", "summary": "RHBZ#1607624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607624" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10912", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10912" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10912", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10912" } ], "release_date": "2018-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:28:37+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2.4 zip" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2.4 zip" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: infinite loop in session replacement leading to denial of service" }, { "cve": "CVE-2018-1000180", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588306" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: flaw in the low-level interface to RSA key pair generator", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2.4 zip" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "RHBZ#1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:28:37+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2.4 zip" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2.4 zip" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: flaw in the low-level interface to RSA key pair generator" } ] }
rhsa-2018_2424
Vulnerability from csaf_redhat
Published
2018-08-15 11:31
Modified
2024-11-22 11:59
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\n* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)\n\n* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)\n\n* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2424", "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/" }, { "category": "external", "summary": "1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "JBEAP-14788", "url": "https://issues.redhat.com/browse/JBEAP-14788" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2424.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update", "tracking": { "current_release_date": "2024-11-22T11:59:53+00:00", "generator": { "date": "2024-11-22T11:59:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2424", "initial_release_date": "2018-08-15T11:31:24+00:00", "revision_history": [ { "date": "2018-08-15T11:31:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-15T11:31:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T11:59:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.8-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "product_id": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-7.SP8_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.10-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "product_id": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "product_id": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.18-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.9-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "product": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "product_id": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@25.0.0-1.redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.15-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.11-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "product": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "product_id": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-5.redhat_3.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "product": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "product_id": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.013-1.redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "product": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "product_id": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.4-1.GA_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.4-2.GA_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux@1.0.6-14.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.2.6-2.Final_redhat_1.1.ep7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-7.SP8_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-13.SP12_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.18-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.5.32-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.9-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava@25.0.0-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@25.0.0-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.0.26-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.1.15-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.15-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.1.15-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.1.15-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.1.15-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.1.15-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.11-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.56.0-5.redhat_3.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.56.0-5.redhat_3.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-5.redhat_3.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.56.0-5.redhat_3.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.5.5.013-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.0.6-4.Final_redhat_4.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.4-1.GA_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.4-1.GA_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.4-2.GA_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.2.6-2.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.2.6-2.Final_redhat_1.1.ep7.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "product_id": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-debuginfo@1.0.6-14.Final_redhat_1.1.ep7.el7?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "product_id": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux@1.0.6-14.Final_redhat_1.1.ep7.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src" }, "product_reference": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src" }, "product_reference": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-12624", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-11-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1515976" } ], "notes": [ { "category": "description", "text": "Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property \"attachment-max-header-size\".", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12624" }, { "category": "external", "summary": "RHBZ#1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12624", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624" } ], "release_date": "2017-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:24+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2424" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services" }, { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:24+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2424" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10237", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573391" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Openshift Application Runtimes: Eclipse Vert.x is not exploitable by this flaw, though the vulnerable code is a transient dependency to the product. This issue may be addressed in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10237" }, { "category": "external", "summary": "RHBZ#1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237" }, { "category": "external", "summary": "https://github.com/google/guava/wiki/CVE-2018-10237", "url": "https://github.com/google/guava/wiki/CVE-2018-10237" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion", "url": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:24+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2424" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:24+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2424" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" }, { "cve": "CVE-2018-1000180", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588306" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: flaw in the low-level interface to RSA key pair generator", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "RHBZ#1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:24+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2424" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: flaw in the low-level interface to RSA key pair generator" } ] }
rhsa-2018_2423
Vulnerability from csaf_redhat
Published
2018-08-15 11:31
Modified
2024-11-22 11:59
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\n* cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)\n\n* wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)\n\n* cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2423", "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/" }, { "category": "external", "summary": "1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "JBEAP-14787", "url": "https://issues.redhat.com/browse/JBEAP-14787" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2423.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update", "tracking": { "current_release_date": "2024-11-22T11:59:47+00:00", "generator": { "date": "2024-11-22T11:59:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2423", "initial_release_date": "2018-08-15T11:31:11+00:00", "revision_history": [ { "date": "2018-08-15T11:31:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-15T11:31:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T11:59:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.8-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "product_id": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-7.SP8_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.10-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "product_id": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "product_id": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.18-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.9-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "product": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "product_id": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@25.0.0-1.redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.15-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.11-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "product": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "product_id": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-5.redhat_3.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "product": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "product_id": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.013-1.redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "product": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "product_id": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.4-1.GA_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.4-2.GA_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux@1.0.6-14.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.2.6-2.Final_redhat_1.1.ep7.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-7.SP8_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-13.SP12_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.18-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.5.32-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.9-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava@25.0.0-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@25.0.0-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.0.26-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.1.15-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.15-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.1.15-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.1.15-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.1.15-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.1.15-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.11-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.56.0-5.redhat_3.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_id": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.56.0-5.redhat_3.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_id": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-5.redhat_3.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_id": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.56.0-5.redhat_3.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.5.5.013-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.0@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.1@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.0.6-4.Final_redhat_4.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.4-1.GA_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.4-1.GA_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.4-2.GA_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.2.6-2.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.2.6-2.Final_redhat_1.1.ep7.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "product_id": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-debuginfo@1.0.6-14.Final_redhat_1.1.ep7.el6?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "product_id": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux@1.0.6-14.Final_redhat_1.1.ep7.el6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "product": { "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "product_id": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-debuginfo@1.0.6-14.Final_redhat_1.1.ep7.el6?arch=i686" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "product": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "product_id": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux@1.0.6-14.Final_redhat_1.1.ep7.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch" }, "product_reference": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src" }, "product_reference": "eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src" }, "product_reference": "eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686" }, "product_reference": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686" }, "product_reference": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-12624", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-11-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1515976" } ], "notes": [ { "category": "description", "text": "Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property \"attachment-max-header-size\".", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12624" }, { "category": "external", "summary": "RHBZ#1515976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12624", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624" } ], "release_date": "2017-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:11+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services" }, { "cve": "CVE-2018-8039", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595332" } ], "notes": [ { "category": "description", "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8039" }, { "category": "external", "summary": "RHBZ#1595332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2" } ], "release_date": "2018-06-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:11+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*" }, { "cve": "CVE-2018-10237", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573391" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Openshift Application Runtimes: Eclipse Vert.x is not exploitable by this flaw, though the vulnerable code is a transient dependency to the product. This issue may be addressed in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10237" }, { "category": "external", "summary": "RHBZ#1573391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237" }, { "category": "external", "summary": "https://github.com/google/guava/wiki/CVE-2018-10237", "url": "https://github.com/google/guava/wiki/CVE-2018-10237" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion", "url": "https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:11+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service" }, { "cve": "CVE-2018-10862", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1593527" } ], "notes": [ { "category": "description", "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only be exploited by users with deployment permissions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10862" }, { "category": "external", "summary": "RHBZ#1593527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "category": "external", "summary": "https://snyk.io/research/zip-slip-vulnerability", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "release_date": "2018-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:11+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)" }, { "cve": "CVE-2018-1000180", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588306" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: flaw in the low-level interface to RSA key pair generator", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "RHBZ#1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T11:31:11+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.013-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.013-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-0:1.56.0-5.redhat_3.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-bouncycastle-mail-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-pkix-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-bouncycastle-prov-0:1.56.0-5.redhat_3.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-guava-libraries-0:25.0.0-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.15-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.15-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jberet-0:1.2.6-2.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jberet-core-0:1.2.6-2.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.11-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-remoting-0:5.0.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.6-4.Final_redhat_4.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.6-4.Final_redhat_4.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-0:5.5.32-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-narayana-compensations-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbosstxbridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jbossxts-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-idlj-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-jts-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-api-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-bridge-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-integration-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-restat-util-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-narayana-txframework-0:5.5.32-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-0:3.0.26-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-resteasy-atom-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-cdi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-client-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-crypto-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jackson2-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxb-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jaxrs-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jettison-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jose-jwt-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-jsapi-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-json-p-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-multipart-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-spring-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-validator-provider-11-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-resteasy-yaml-provider-0:3.0.26-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-7.SP8_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.4-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.4-2.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.4-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-naming-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.i686", "6Server-JBEAP-7.1:eap7-wildfly-openssl-linux-debuginfo-0:1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-transaction-client-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.18-1.Final_redhat_1.1.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: flaw in the low-level interface to RSA key pair generator" } ] }
gsd-2018-10862
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2018-10862", "description": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability.", "id": "GSD-2018-10862", "references": [ "https://access.redhat.com/errata/RHSA-2020:2562", "https://access.redhat.com/errata/RHSA-2020:2321", "https://access.redhat.com/errata/RHSA-2019:0877", "https://access.redhat.com/errata/RHSA-2018:2643", "https://access.redhat.com/errata/RHSA-2018:2428", "https://access.redhat.com/errata/RHSA-2018:2425", "https://access.redhat.com/errata/RHSA-2018:2424", "https://access.redhat.com/errata/RHSA-2018:2423", "https://access.redhat.com/errata/RHSA-2018:2279", "https://access.redhat.com/errata/RHSA-2018:2277", "https://access.redhat.com/errata/RHSA-2018:2276" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-10862" ], "details": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability.", "id": "GSD-2018-10862", "modified": "2023-12-13T01:22:40.886724Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10862", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/research/zip-slip-vulnerability", "refsource": "MISC", "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" }, { "name": "RHSA-2018:2428", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "name": "RHSA-2018:2643", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "name": "RHSA-2018:2279", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "name": "RHSA-2018:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "name": "RHSA-2018:2276", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "name": "RHSA-2018:2423", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "name": "RHSA-2018:2425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "name": "RHSA-2018:2277", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "name": "RHSA-2019:0877", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,6.0.0.Alpha2]", "affected_versions": "All versions up to 6.0.0.alpha2", "cvss_v2": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-22", "CWE-937" ], "date": "2022-06-29", "description": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability.", "fixed_versions": [ "6.0.0.Alpha3" ], "identifier": "CVE-2018-10862", "identifiers": [ "GHSA-w8r2-5j8x-x8j6", "CVE-2018-10862" ], "not_impacted": "All versions after 6.0.0.alpha2", "package_slug": "maven/org.wildfly.core/wildfly-server", "pubdate": "2022-05-14", "solution": "Upgrade to version 6.0.0.Alpha3 or above.", "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", "https://access.redhat.com/errata/RHSA-2018:2276", "https://access.redhat.com/errata/RHSA-2018:2277", "https://access.redhat.com/errata/RHSA-2018:2279", "https://access.redhat.com/errata/RHSA-2018:2423", "https://access.redhat.com/errata/RHSA-2018:2424", "https://access.redhat.com/errata/RHSA-2018:2425", "https://access.redhat.com/errata/RHSA-2018:2428", "https://access.redhat.com/errata/RHSA-2018:2643", "https://access.redhat.com/errata/RHSA-2019:0877", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862", "https://snyk.io/research/zip-slip-vulnerability", "https://github.com/advisories/GHSA-w8r2-5j8x-x8j6" ], "uuid": "c95e6e3a-e756-48eb-9300-0f644c6c30fd" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:wildfly_core:6.0.0:alpha1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:wildfly_core:6.0.0:alpha2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:wildfly_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10862" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/research/zip-slip-vulnerability", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" }, { "name": "RHSA-2018:2279", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "name": "RHSA-2018:2277", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "name": "RHSA-2018:2276", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "name": "RHSA-2018:2428", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "name": "RHSA-2018:2425", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "name": "RHSA-2018:2424", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "name": "RHSA-2018:2423", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "name": "RHSA-2018:2643", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "name": "RHSA-2019:0877", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0877" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } }, "lastModifiedDate": "2019-04-26T15:08Z", "publishedDate": "2018-07-27T14:29Z" } } }
ghsa-w8r2-5j8x-x8j6
Vulnerability from github
Published
2022-05-14 01:06
Modified
2022-06-29 23:30
Severity ?
Summary
Improper Limitation of a Pathname to a Restricted Directory in WildFly
Details
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.0.Alpha2" }, "package": { "ecosystem": "Maven", "name": "org.wildfly.core:wildfly-server" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "6.0.0.Alpha3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-10862" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2022-06-29T23:30:02Z", "nvd_published_at": "2018-07-27T14:29:00Z", "severity": "MODERATE" }, "details": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability.", "id": "GHSA-w8r2-5j8x-x8j6", "modified": "2022-06-29T23:30:02Z", "published": "2022-05-14T01:06:25Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" }, { "type": "WEB", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Improper Limitation of a Pathname to a Restricted Directory in WildFly" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.