Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-20289 (GCVE-0-2021-20289)
Vulnerability from cvelistv5 – Published: 2021-03-26 16:28 – Updated: 2024-08-03 17:37
VLAI?
EPSS
Summary
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
Severity ?
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1935927 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "resteasy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "resteasy",
"version": {
"version_data": [
{
"version_value": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20289",
"datePublished": "2021-03-26T16:28:44.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-20289",
"date": "2026-05-19",
"epss": "0.00084",
"percentile": "0.24234"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.6.0\", \"matchCriteriaId\": \"EDB9A229-3B62-487E-B31D-580445DAFE8D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.13.4\", \"matchCriteriaId\": \"5D115261-69F8-4854-B5DE-656858132B62\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAAB7154-4DE8-4806-86D0-C1D33B84417B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un fallo en RESTEasy en todas las versiones de RESTEasy hasta 4.6.0.Final.\u0026#xa0;Los nombres de m\\u00e9todos y clases de endpoint son devueltos como parte de la respuesta de excepci\\u00f3n cuando RESTEasy no puede convertir uno de los valores de consulta o ruta del URI de petici\\u00f3n a el valor del par\\u00e1metro de m\\u00e9todo del recurso JAX-RS correspondiente.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos.\"}]",
"id": "CVE-2021-20289",
"lastModified": "2024-11-21T05:46:17.387",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-03-26T17:15:13.217",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1935927\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1935927\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-209\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-209\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-20289\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-26T17:15:13.217\",\"lastModified\":\"2024-11-21T05:46:17.387\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo en RESTEasy en todas las versiones de RESTEasy hasta 4.6.0.Final.\u0026#xa0;Los nombres de m\u00e9todos y clases de endpoint son devueltos como parte de la respuesta de excepci\u00f3n cuando RESTEasy no puede convertir uno de los valores de consulta o ruta del URI de petici\u00f3n a el valor del par\u00e1metro de m\u00e9todo del recurso JAX-RS correspondiente.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.6.0\",\"matchCriteriaId\":\"EDB9A229-3B62-487E-B31D-580445DAFE8D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.13.4\",\"matchCriteriaId\":\"5D115261-69F8-4854-B5DE-656858132B62\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAB7154-4DE8-4806-86D0-C1D33B84417B\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1935927\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1935927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
BDU:2022-02827
Vulnerability from fstec - Published: 26.03.2021
VLAI Severity ?
Title
Уязвимость программного средства RESTEasy, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость программного средства RESTEasy связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию
Severity ?
Vendor
Red Hat Inc., ООО «Ред Софт», Oracle Corp.
Software Name
Red Hat Enterprise Linux, OpenShift Application Runtimes, JBoss Enterprise Application Platform, Red Hat Single Sign-On, Red Hat AMQ Broker, JBoss A-MQ, Red Hat Integration Camel Quarkus, Red Hat CodeReady Studio, РЕД ОС (запись в едином реестре российских программ №3751), Oracle Communications Cloud Native Core Console
Software Version
8 (Red Hat Enterprise Linux), 1.0 (OpenShift Application Runtimes), 7 (JBoss Enterprise Application Platform), 7 (Red Hat Single Sign-On), 7.3 for RHEL 6 (JBoss Enterprise Application Platform), 7.3 for RHEL 7 (JBoss Enterprise Application Platform), 7.3 for RHEL 8 (JBoss Enterprise Application Platform), 7 (Red Hat AMQ Broker), 7 (JBoss A-MQ), 7.4 for RHEL 7 (Red Hat Single Sign-On), 7.4 for RHEL 8 (Red Hat Single Sign-On), - (Red Hat Integration Camel Quarkus), 12 (Red Hat CodeReady Studio), 7.3 (РЕД ОС), 1.9.0 (Oracle Communications Cloud Native Core Console), 7.4 for RHEL 8 (JBoss Enterprise Application Platform), 7.4 on RHEL 7 (JBoss Enterprise Application Platform)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpuapr2022.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2021-20289
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://www.oracle.com/security-alerts/cpuapr2022.html
https://bugzilla.redhat.com/show_bug.cgi?id=1935927
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-200, CWE-209
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Oracle Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 1.0 (OpenShift Application Runtimes), 7 (JBoss Enterprise Application Platform), 7 (Red Hat Single Sign-On), 7.3 for RHEL 6 (JBoss Enterprise Application Platform), 7.3 for RHEL 7 (JBoss Enterprise Application Platform), 7.3 for RHEL 8 (JBoss Enterprise Application Platform), 7 (Red Hat AMQ Broker), 7 (JBoss A-MQ), 7.4 for RHEL 7 (Red Hat Single Sign-On), 7.4 for RHEL 8 (Red Hat Single Sign-On), - (Red Hat Integration Camel Quarkus), 12 (Red Hat CodeReady Studio), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.9.0 (Oracle Communications Cloud Native Core Console), 7.4 for RHEL 8 (JBoss Enterprise Application Platform), 7.4 on RHEL 7 (JBoss Enterprise Application Platform)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2021-20289\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.05.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02827",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-20289",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, OpenShift Application Runtimes, JBoss Enterprise Application Platform, Red Hat Single Sign-On, Red Hat AMQ Broker, JBoss A-MQ, Red Hat Integration Camel Quarkus, Red Hat CodeReady Studio, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Oracle Communications Cloud Native Core Console",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 RESTEasy, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0423\u0442\u0435\u0447\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u0445 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0430\u0445 (CWE-209)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 RESTEasy \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1935927\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-209",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}
FKIE_CVE-2021-20289
Vulnerability from fkie_nvd - Published: 2021-03-26 17:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1935927 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1935927 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | resteasy | * | |
| netapp | oncommand_insight | - | |
| quarkus | quarkus | * | |
| oracle | communications_cloud_native_core_console | 1.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB9A229-3B62-487E-B31D-580445DAFE8D",
"versionEndIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D115261-69F8-4854-B5DE-656858132B62",
"versionEndExcluding": "1.13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
},
{
"lang": "es",
"value": "Se detect\u00f3 un fallo en RESTEasy en todas las versiones de RESTEasy hasta 4.6.0.Final.\u0026#xa0;Los nombres de m\u00e9todos y clases de endpoint son devueltos como parte de la respuesta de excepci\u00f3n cuando RESTEasy no puede convertir uno de los valores de consulta o ruta del URI de petici\u00f3n a el valor del par\u00e1metro de m\u00e9todo del recurso JAX-RS correspondiente.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos."
}
],
"id": "CVE-2021-20289",
"lastModified": "2024-11-21T05:46:17.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-26T17:15:13.217",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-244R-FCJ3-GHJQ
Vulnerability from github – Published: 2021-04-07 21:51 – Updated: 2022-04-22 15:49
VLAI?
Summary
Exposure of class information in RESTEasy
Details
A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
Severity ?
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.resteasy:resteasy-core"
},
"ranges": [
{
"events": [
{
"introduced": "4.6.0"
},
{
"fixed": "4.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.resteasy:resteasy-core"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.5.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.resteasy:resteasy-core"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-20289"
],
"database_specific": {
"cwe_ids": [
"CWE-209",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-31T22:37:48Z",
"nvd_published_at": "2021-03-26T17:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"id": "GHSA-244r-fcj3-ghjq",
"modified": "2022-04-22T15:49:36Z",
"published": "2021-04-07T21:51:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941544"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/RESTEASY-2843"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210528-0008"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of class information in RESTEasy"
}
GSD-2021-20289
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-20289",
"description": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"id": "GSD-2021-20289",
"references": [
"https://access.redhat.com/errata/RHSA-2022:0164",
"https://access.redhat.com/errata/RHSA-2022:0155",
"https://access.redhat.com/errata/RHSA-2022:0152",
"https://access.redhat.com/errata/RHSA-2022:0151",
"https://access.redhat.com/errata/RHSA-2022:0146",
"https://access.redhat.com/errata/RHSA-2021:5170",
"https://access.redhat.com/errata/RHSA-2021:5154",
"https://access.redhat.com/errata/RHSA-2021:5151",
"https://access.redhat.com/errata/RHSA-2021:5150",
"https://access.redhat.com/errata/RHSA-2021:5149",
"https://access.redhat.com/errata/RHSA-2021:4767",
"https://access.redhat.com/errata/RHSA-2021:4679",
"https://access.redhat.com/errata/RHSA-2021:4677",
"https://access.redhat.com/errata/RHSA-2021:4676",
"https://access.redhat.com/errata/RHSA-2021:4100",
"https://access.redhat.com/errata/RHSA-2021:3880",
"https://access.redhat.com/errata/RHSA-2021:3700",
"https://access.redhat.com/errata/RHSA-2022:1179",
"https://access.redhat.com/errata/RHSA-2022:6407"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-20289"
],
"details": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"id": "GSD-2021-20289",
"modified": "2023-12-13T01:23:12.466857Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "resteasy",
"version": {
"version_data": [
{
"version_value": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[,3.11.5),[3.15.0,3.15.2),[4.5.0,4.5.10),[4.6.0,4.7.0)",
"affected_versions": "All versions before 3.11.5, all versions starting from 3.15.0 before 3.15.2, all versions starting from 4.5.0 before 4.5.10, all versions starting from 4.6.0 before 4.7.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-209",
"CWE-937"
],
"date": "2022-05-10",
"description": "A flaw was found in RESTEasy where the endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"fixed_versions": [
"3.11.5.Final",
"3.15.2.Final",
"4.5.10.Final",
"4.7.0.Final"
],
"identifier": "CVE-2021-20289",
"identifiers": [
"CVE-2021-20289"
],
"not_impacted": "All versions starting from 3.11.5 before 3.15.0, all versions starting from 3.15.2 before 4.5.0, all versions starting from 4.5.10 before 4.6.0, all versions starting from 4.7.0",
"package_slug": "maven/org.jboss.resteasy/resteasy-client",
"pubdate": "2021-03-26",
"solution": "Upgrade to version 3.11.5.Final, 3.15.2.Final, 4.5.10.Final, 4.7.0.Final or above.",
"title": "Information Exposure Through an Error Message",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
],
"uuid": "230528e6-fb2f-454a-afa3-773e476577e4"
},
{
"affected_range": "[,3.11.5),[3.15.0,3.15.2),[4.5.0,4.5.10),[4.6.0,4.7.0)",
"affected_versions": "All versions before 3.11.5, all versions starting from 3.15.0 before 3.15.2, all versions starting from 4.5.0 before 4.5.10, all versions starting from 4.6.0 before 4.7.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-209",
"CWE-937"
],
"date": "2022-05-10",
"description": "A flaw was found in RESTEasy in all versions of RESTEasy up to Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"fixed_versions": [
"3.11.5.Final",
"3.15.2.Final",
"4.5.10.Final",
"4.7.0.Final"
],
"identifier": "CVE-2021-20289",
"identifiers": [
"CVE-2021-20289"
],
"not_impacted": "All versions starting from 3.11.5 before 3.15.0, all versions starting from 3.15.2 before 4.5.0, all versions starting from 4.5.10 before 4.6.0, all versions starting from 4.7.0",
"package_slug": "maven/org.jboss.resteasy/resteasy-core",
"pubdate": "2021-03-26",
"solution": "Upgrade to version 3.11.5.Final, 3.15.2.Final, 4.5.10.Final, 4.7.0.Final or above.",
"title": "Information Exposure Through an Error Message",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
],
"uuid": "748b65a3-11ae-4a0b-b580-c808c28dc1a3"
},
{
"affected_range": "[,3.11.5),[3.15.0,3.15.2),[4.5.0,4.5.10),[4.6.0,4.7.0)",
"affected_versions": "All versions before 3.11.5, all versions starting from 3.15.0 before 3.15.2, all versions starting from 4.5.0 before 4.5.10, all versions starting from 4.6.0 before 4.7.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-209",
"CWE-937"
],
"date": "2022-05-10",
"description": "A flaw was found in RESTEasy where the endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"fixed_versions": [
"3.11.5.Final",
"3.15.2.Final",
"4.5.10.Final",
"4.7.0.Final"
],
"identifier": "CVE-2021-20289",
"identifiers": [
"CVE-2021-20289"
],
"not_impacted": "All versions starting from 3.11.5 before 3.15.0, all versions starting from 3.15.2 before 4.5.0, all versions starting from 4.5.10 before 4.6.0, all versions starting from 4.7.0",
"package_slug": "maven/org.jboss.resteasy/resteasy-jaxrs",
"pubdate": "2021-03-26",
"solution": "Upgrade to version 3.11.5.Final, 3.15.2.Final, 4.5.10.Final, 4.7.0.Final or above.",
"title": "Information Exposure Through an Error Message",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
],
"uuid": "d2c68231-f968-4f12-a11f-5ee01b396c0c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20289"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-05-10T15:45Z",
"publishedDate": "2021-03-26T17:15Z"
}
}
}
RHSA-2021:3700
Vulnerability from csaf_redhat - Published: 2021-09-30 09:57 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.9.0 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS (CVE-2020-27223)
* resteasy-jaxrs: resteasy: Error message exposes endpoint class information (CVE-2021-20289)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)
* jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)
* jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)
* jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)
* commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425)
* jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)
* jetty-server: jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)
* broker: AMQ Broker 7: Incorrect privilege in Management Console (CVE-2021-3763)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.
CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being invalidated and a shared-computer application being left logged in. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-613 - Insufficient Session ExpirationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ 7.9.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Red Hat
Wai Chun Hui
Red Hat
Mudassar Iqbal
NTT DATA Germany
Dirk Papenberg
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* resteasy-jaxrs: resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\n* jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)\n\n* commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)\n\n* broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425)\n\n* jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)\n\n* jetty-server: jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)\n\n* broker: AMQ Broker 7: Incorrect privilege in Management Console (CVE-2021-3763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:3700",
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4"
},
{
"category": "external",
"summary": "1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "1934116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
},
{
"category": "external",
"summary": "1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "1936629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936629"
},
{
"category": "external",
"summary": "1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1945710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
},
{
"category": "external",
"summary": "1945712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712"
},
{
"category": "external",
"summary": "1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "external",
"summary": "1948752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
},
{
"category": "external",
"summary": "1971016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971016"
},
{
"category": "external",
"summary": "1974891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974891"
},
{
"category": "external",
"summary": "1985223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985223"
},
{
"category": "external",
"summary": "2000654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3700.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.9.0 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:30:29+00:00",
"generator": {
"date": "2026-05-14T22:30:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:3700",
"initial_release_date": "2021-09-30T09:57:35+00:00",
"revision_history": [
{
"date": "2021-09-30T09:57:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-09-30T09:57:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ 7.9.0",
"product": {
"name": "Red Hat AMQ 7.9.0",
"product_id": "Red Hat AMQ 7.9.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886587"
}
],
"notes": [
{
"category": "description",
"text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13956"
},
{
"category": "external",
"summary": "RHBZ#1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
"url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
}
],
"release_date": "2020-10-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
},
{
"cve": "CVE-2020-27223",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934116"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27223"
},
{
"category": "external",
"summary": "RHBZ#1934116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"
}
],
"release_date": "2021-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS"
},
{
"acknowledgments": [
{
"names": [
"Wai Chun Hui"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3425",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2021-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1936629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Broker: discloses JDBC username and password in the application log file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3425"
},
{
"category": "external",
"summary": "RHBZ#1936629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3425"
}
],
"release_date": "2021-03-08T20:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Broker: discloses JDBC username and password in the application log file"
},
{
"acknowledgments": [
{
"names": [
"Mudassar Iqbal"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3763",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2021-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000654"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "7: Incorrect privilege in Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3763"
},
{
"category": "external",
"summary": "RHBZ#2000654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3763"
}
],
"release_date": "2021-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "7: Incorrect privilege in Management Console"
},
{
"acknowledgments": [
{
"names": [
"Dirk Papenberg"
],
"organization": "NTT DATA Germany"
}
],
"cve": "CVE-2021-20289",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Error message exposes endpoint class information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20289"
},
{
"category": "external",
"summary": "RHBZ#1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "resteasy: Error message exposes endpoint class information"
},
{
"cve": "CVE-2021-21290",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1927028"
}
],
"notes": [
{
"category": "description",
"text": "In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Information disclosure via the local system temporary directory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21290"
},
{
"category": "external",
"summary": "RHBZ#1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290"
}
],
"release_date": "2021-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Information disclosure via the local system temporary directory"
},
{
"cve": "CVE-2021-21295",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937364"
}
],
"notes": [
{
"category": "description",
"text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: possible request smuggling in HTTP/2 due missing validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21295"
},
{
"category": "external",
"summary": "RHBZ#1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: possible request smuggling in HTTP/2 due missing validation"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
},
{
"cve": "CVE-2021-28163",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945710"
}
],
"notes": [
{
"category": "description",
"text": "If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Symlink directory exposes webapp directory contents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28163"
},
{
"category": "external",
"summary": "RHBZ#1945710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Symlink directory exposes webapp directory contents"
},
{
"cve": "CVE-2021-28164",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945712"
}
],
"notes": [
{
"category": "description",
"text": "In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Ambiguous paths can access WEB-INF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28164"
},
{
"category": "external",
"summary": "RHBZ#1945712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Ambiguous paths can access WEB-INF"
},
{
"cve": "CVE-2021-28165",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945714"
}
],
"notes": [
{
"category": "description",
"text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Resource exhaustion when receiving an invalid large TLS frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28165"
},
{
"category": "external",
"summary": "RHBZ#1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Resource exhaustion when receiving an invalid large TLS frame"
},
{
"cve": "CVE-2021-28169",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-06-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1971016"
}
],
"notes": [
{
"category": "description",
"text": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this flaw because it does not ship the vulnerable components (ConcatServlet or WelcomeFilter) of jetty.\n\nRed Hat Enterprise Linux 8 is not affected by this flaw because it does not ship the vulnerable components (ConcatServlet or WelcomeFilter) of jetty.\n\nRed Hat Enterprise Linux 7 ships the vulnerable component of jetty, but only in the optional repository and thus this flaw is out of support scope for Red Hat Enterprise Linux 7.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28169"
},
{
"category": "external",
"summary": "RHBZ#1971016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28169"
}
],
"release_date": "2021-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948752"
}
],
"notes": [
{
"category": "description",
"text": "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the apache-commons-io package included in Red Hat Enterprise Linux 8 Maven App Stream contains the vulnerable code, it is not used in any way by Maven or other packages in this module. This package is not an API component of Maven, thus the affected code can not be reached in any supported scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29425"
},
{
"category": "external",
"summary": "RHBZ#1948752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6"
},
{
"cve": "CVE-2021-34428",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2021-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1974891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being invalidated and a shared-computer application being left logged in. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: SessionListener can prevent a session from being invalidated breaking logout",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty. Since the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future.\n\nOCP 3.11 is out of the support scope for Moderate and Low impact vulnerabilities because is already in the Maintenance Support phase, hence the affected OCP 3.11 component has been marked as wontifx.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34428"
},
{
"category": "external",
"summary": "RHBZ#1974891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34428"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6"
}
],
"release_date": "2021-06-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
},
{
"category": "workaround",
"details": "Applications should catch all Throwables within their SessionListener#sessionDestroyed() implementations.",
"product_ids": [
"Red Hat AMQ 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: SessionListener can prevent a session from being invalidated breaking logout"
},
{
"cve": "CVE-2021-34429",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-07-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1985223"
}
],
"notes": [
{
"category": "description",
"text": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: crafted URIs allow bypassing security constraints",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OCP 3.11 is out of the support scope for Moderate and Low impact vulnerabilities because is already in the Maintenance Support phase, hence the affected OCP 3.11 component has been marked as \"ooss\".\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34429"
},
{
"category": "external",
"summary": "RHBZ#1985223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34429"
}
],
"release_date": "2021-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-30T09:57:35+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3700"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: crafted URIs allow bypassing security constraints"
}
]
}
RHSA-2021:3880
Vulnerability from csaf_redhat - Published: 2021-10-20 11:29 - Updated: 2026-05-14 22:31Summary
Red Hat Security Advisory: Red Hat build of Quarkus 2.2.3 release and security update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Details: This release of Red Hat build of Quarkus 2.2.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.
Security Fix(es):
* maven: Block repositories using http by default (CVE-2021-26291)
* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 2.2.3
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
CWE-203 - Observable DiscrepancyAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 2.2.3
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 2.2.3
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 2.2.3
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 2.2.3
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 2.2.3
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 2.2.3
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
45 references
Acknowledgments
NTT DATA Germany
Dirk Papenberg
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Quarkus.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Quarkus 2.2.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.\n\nSecurity Fix(es):\n\n* maven: Block repositories using http by default (CVE-2021-26291)\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:3880",
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=2.2.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=2.2.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/4966181",
"url": "https://access.redhat.com/articles/4966181"
},
{
"category": "external",
"summary": "1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "1930423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
},
{
"category": "external",
"summary": "1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "1981407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3880.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.2.3 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:31:36+00:00",
"generator": {
"date": "2026-05-14T22:31:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:3880",
"initial_release_date": "2021-10-20T11:29:22+00:00",
"revision_history": [
{
"date": "2021-10-20T11:29:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-10-20T11:29:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Quarkus 2.2.3",
"product": {
"name": "Red Hat build of Quarkus 2.2.3",
"product_id": "Red Hat build of Quarkus 2.2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Quarkus"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28491",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1930423"
}
],
"notes": [
{
"category": "description",
"text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 2.2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28491"
},
{
"category": "external",
"summary": "RHBZ#1930423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
}
],
"release_date": "2021-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-20T11:29:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
},
{
"cve": "CVE-2021-3642",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"discovery_date": "2021-06-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attack in ScramServer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 2.2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3642"
},
{
"category": "external",
"summary": "RHBZ#1981407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642"
}
],
"release_date": "2021-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-20T11:29:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attack in ScramServer"
},
{
"acknowledgments": [
{
"names": [
"Dirk Papenberg"
],
"organization": "NTT DATA Germany"
}
],
"cve": "CVE-2021-20289",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Error message exposes endpoint class information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 2.2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20289"
},
{
"category": "external",
"summary": "RHBZ#1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-20T11:29:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "resteasy: Error message exposes endpoint class information"
},
{
"cve": "CVE-2021-21290",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1927028"
}
],
"notes": [
{
"category": "description",
"text": "In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Information disclosure via the local system temporary directory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 2.2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21290"
},
{
"category": "external",
"summary": "RHBZ#1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290"
}
],
"release_date": "2021-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-20T11:29:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: Information disclosure via the local system temporary directory"
},
{
"cve": "CVE-2021-21295",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937364"
}
],
"notes": [
{
"category": "description",
"text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: possible request smuggling in HTTP/2 due missing validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 2.2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21295"
},
{
"category": "external",
"summary": "RHBZ#1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-20T11:29:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: possible request smuggling in HTTP/2 due missing validation"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 2.2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-20T11:29:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
},
{
"cve": "CVE-2021-26291",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955739"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "maven: Block repositories using http by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 2.2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-26291"
},
{
"category": "external",
"summary": "RHBZ#1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291"
},
{
"category": "external",
"summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291",
"url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291"
}
],
"release_date": "2021-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-20T11:29:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3880"
},
{
"category": "workaround",
"details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.",
"product_ids": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 2.2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "maven: Block repositories using http by default"
}
]
}
RHSA-2021:4100
Vulnerability from csaf_redhat - Published: 2021-11-02 12:42 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: Red Hat Integration - Service Registry release and security update [2.0.2.GA]
Severity
Moderate
Notes
Topic: An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes.
Security Fix(es):
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack (CVE-2021-20293)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Service Registry 2.0.2 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:integration:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Service Registry 2.0.2 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:integration:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Service Registry 2.0.2 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:integration:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
19 references
Acknowledgments
NTT DATA Germany
Dirk Papenberg
Red Hat
Jeremy Bonghwan Choi
Ted Jongseok Won
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes.\n\nSecurity Fix(es):\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack (CVE-2021-20293)\n\n* resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4100",
"url": "https://access.redhat.com/errata/RHSA-2021:4100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "1942819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4100.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration - Service Registry release and security update [2.0.2.GA]",
"tracking": {
"current_release_date": "2026-05-14T22:30:29+00:00",
"generator": {
"date": "2026-05-14T22:30:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:4100",
"initial_release_date": "2021-11-02T12:42:32+00:00",
"revision_history": [
{
"date": "2021-11-02T12:42:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-02T12:42:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Service Registry 2.0.2 GA",
"product": {
"name": "RHINT Service Registry 2.0.2 GA",
"product_id": "RHINT Service Registry 2.0.2 GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886587"
}
],
"notes": [
{
"category": "description",
"text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Service Registry 2.0.2 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13956"
},
{
"category": "external",
"summary": "RHBZ#1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
"url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
}
],
"release_date": "2020-10-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-02T12:42:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Service Registry 2.0.2 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"RHINT Service Registry 2.0.2 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
},
{
"acknowledgments": [
{
"names": [
"Dirk Papenberg"
],
"organization": "NTT DATA Germany"
}
],
"cve": "CVE-2021-20289",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Error message exposes endpoint class information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Service Registry 2.0.2 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20289"
},
{
"category": "external",
"summary": "RHBZ#1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-02T12:42:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Service Registry 2.0.2 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Service Registry 2.0.2 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "resteasy: Error message exposes endpoint class information"
},
{
"acknowledgments": [
{
"names": [
"Jeremy Bonghwan Choi",
"Ted Jongseok Won"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-20293",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942819"
}
],
"notes": [
{
"category": "description",
"text": "A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Service Registry 2.0.2 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20293"
},
{
"category": "external",
"summary": "RHBZ#1942819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20293"
}
],
"release_date": "2021-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-02T12:42:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Service Registry 2.0.2 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHINT Service Registry 2.0.2 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack"
}
]
}
RHSA-2021:4676
Vulnerability from csaf_redhat - Published: 2021-11-15 17:14 - Updated: 2026-05-14 22:31Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 7
Severity
Moderate
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)
* mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.
5.9 (Medium)
Affected products
Fixed
2 products
Known not affected
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src | — |
Threats
Impact
Moderate
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
7.8 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Known not affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src | — |
Threats
Impact
Moderate
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
5.3 (Medium)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
Known not affected
83 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src | — |
Threats
Impact
Low
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
6.5 (Medium)
Affected products
Fixed
2 products
Known not affected
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src | — |
Threats
Impact
Moderate
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src | — |
Threats
Impact
Moderate
References
51 references
Acknowledgments
NTT DATA Germany
Dirk Papenberg
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)\n\n* mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\n* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)\n\n* resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4676",
"url": "https://access.redhat.com/errata/RHSA-2021:4676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "1977362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
},
{
"category": "external",
"summary": "1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "JBEAP-21308",
"url": "https://issues.redhat.com/browse/JBEAP-21308"
},
{
"category": "external",
"summary": "JBEAP-21973",
"url": "https://issues.redhat.com/browse/JBEAP-21973"
},
{
"category": "external",
"summary": "JBEAP-22208",
"url": "https://issues.redhat.com/browse/JBEAP-22208"
},
{
"category": "external",
"summary": "JBEAP-22213",
"url": "https://issues.redhat.com/browse/JBEAP-22213"
},
{
"category": "external",
"summary": "JBEAP-22254",
"url": "https://issues.redhat.com/browse/JBEAP-22254"
},
{
"category": "external",
"summary": "JBEAP-22255",
"url": "https://issues.redhat.com/browse/JBEAP-22255"
},
{
"category": "external",
"summary": "JBEAP-22344",
"url": "https://issues.redhat.com/browse/JBEAP-22344"
},
{
"category": "external",
"summary": "JBEAP-22347",
"url": "https://issues.redhat.com/browse/JBEAP-22347"
},
{
"category": "external",
"summary": "JBEAP-22365",
"url": "https://issues.redhat.com/browse/JBEAP-22365"
},
{
"category": "external",
"summary": "JBEAP-22367",
"url": "https://issues.redhat.com/browse/JBEAP-22367"
},
{
"category": "external",
"summary": "JBEAP-22435",
"url": "https://issues.redhat.com/browse/JBEAP-22435"
},
{
"category": "external",
"summary": "JBEAP-22462",
"url": "https://issues.redhat.com/browse/JBEAP-22462"
},
{
"category": "external",
"summary": "JBEAP-22487",
"url": "https://issues.redhat.com/browse/JBEAP-22487"
},
{
"category": "external",
"summary": "JBEAP-22493",
"url": "https://issues.redhat.com/browse/JBEAP-22493"
},
{
"category": "external",
"summary": "JBEAP-22494",
"url": "https://issues.redhat.com/browse/JBEAP-22494"
},
{
"category": "external",
"summary": "JBEAP-22500",
"url": "https://issues.redhat.com/browse/JBEAP-22500"
},
{
"category": "external",
"summary": "JBEAP-22504",
"url": "https://issues.redhat.com/browse/JBEAP-22504"
},
{
"category": "external",
"summary": "JBEAP-22515",
"url": "https://issues.redhat.com/browse/JBEAP-22515"
},
{
"category": "external",
"summary": "JBEAP-22517",
"url": "https://issues.redhat.com/browse/JBEAP-22517"
},
{
"category": "external",
"summary": "JBEAP-22522",
"url": "https://issues.redhat.com/browse/JBEAP-22522"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4676.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 7",
"tracking": {
"current_release_date": "2026-05-14T22:31:10+00:00",
"generator": {
"date": "2026-05-14T22:31:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:4676",
"initial_release_date": "2021-11-15T17:14:55+00:00",
"revision_history": [
{
"date": "2021-11-15T17:14:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-15T17:14:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.6-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.2-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.6.3-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.2-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.43-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.12-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"product": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"product_id": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-3.redhat_00007.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.2.7-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.1.7-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.12-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.0-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.23-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"product_id": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javassist@3.27.0-2.GA_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"product_id": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-byte-buddy@1.11.12-2.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-5.redhat_00032.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.7.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.0.202109080827-1.r_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-11.Final_redhat_00010.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.2-2.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.6.3-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.43-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.12-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.12-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.12-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.12-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-3.redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.2.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.2.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.2.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.2.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.2.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.2.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.2.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.1.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.12-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.0-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.23-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.23-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.23-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.23-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.23-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javassist@3.27.0-2.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-byte-buddy@1.11.12-2.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-5.redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.7.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.0.202109080827-1.r_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-11.Final_redhat_00010.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-11.Final_redhat_00010.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-11.Final_redhat_00010.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.2-2.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.2-2.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.2-2.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.2-2.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.2-2.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src"
},
"product_reference": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3629",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1977362"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3629"
},
{
"category": "external",
"summary": "RHBZ#1977362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:14:55+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS"
},
{
"cve": "CVE-2021-3717",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-07-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3717"
},
{
"category": "external",
"summary": "RHBZ#1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:14:55+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users"
},
{
"acknowledgments": [
{
"names": [
"Dirk Papenberg"
],
"organization": "NTT DATA Germany"
}
],
"cve": "CVE-2021-20289",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Error message exposes endpoint class information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20289"
},
{
"category": "external",
"summary": "RHBZ#1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:14:55+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "resteasy: Error message exposes endpoint class information"
},
{
"cve": "CVE-2021-30129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981527"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-30129"
},
{
"category": "external",
"summary": "RHBZ#1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:14:55+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
},
{
"cve": "CVE-2021-37714",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995259"
}
],
"notes": [
{
"category": "description",
"text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37714"
},
{
"category": "external",
"summary": "RHBZ#1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
},
{
"category": "external",
"summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:14:55+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck"
}
]
}
RHSA-2021:4677
Vulnerability from csaf_redhat - Published: 2021-11-15 17:18 - Updated: 2026-05-14 22:31Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8
Severity
Moderate
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)
* mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.
5.9 (Medium)
Affected products
Fixed
2 products
Known not affected
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src | — |
Threats
Impact
Moderate
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Known not affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src | — |
Threats
Impact
Moderate
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
5.3 (Medium)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
Known not affected
81 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src | — |
Threats
Impact
Low
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
6.5 (Medium)
Affected products
Fixed
2 products
Known not affected
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src | — |
Threats
Impact
Moderate
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src | — |
Threats
Impact
Moderate
References
51 references
Acknowledgments
NTT DATA Germany
Dirk Papenberg
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)\n\n* mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\n* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)\n\n* resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4677",
"url": "https://access.redhat.com/errata/RHSA-2021:4677"
},
{
"category": "external",
"summary": "1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "JBEAP-21308",
"url": "https://issues.redhat.com/browse/JBEAP-21308"
},
{
"category": "external",
"summary": "JBEAP-21974",
"url": "https://issues.redhat.com/browse/JBEAP-21974"
},
{
"category": "external",
"summary": "JBEAP-22208",
"url": "https://issues.redhat.com/browse/JBEAP-22208"
},
{
"category": "external",
"summary": "JBEAP-22213",
"url": "https://issues.redhat.com/browse/JBEAP-22213"
},
{
"category": "external",
"summary": "JBEAP-22254",
"url": "https://issues.redhat.com/browse/JBEAP-22254"
},
{
"category": "external",
"summary": "JBEAP-22255",
"url": "https://issues.redhat.com/browse/JBEAP-22255"
},
{
"category": "external",
"summary": "JBEAP-22344",
"url": "https://issues.redhat.com/browse/JBEAP-22344"
},
{
"category": "external",
"summary": "JBEAP-22347",
"url": "https://issues.redhat.com/browse/JBEAP-22347"
},
{
"category": "external",
"summary": "JBEAP-22365",
"url": "https://issues.redhat.com/browse/JBEAP-22365"
},
{
"category": "external",
"summary": "JBEAP-22367",
"url": "https://issues.redhat.com/browse/JBEAP-22367"
},
{
"category": "external",
"summary": "JBEAP-22435",
"url": "https://issues.redhat.com/browse/JBEAP-22435"
},
{
"category": "external",
"summary": "JBEAP-22462",
"url": "https://issues.redhat.com/browse/JBEAP-22462"
},
{
"category": "external",
"summary": "JBEAP-22487",
"url": "https://issues.redhat.com/browse/JBEAP-22487"
},
{
"category": "external",
"summary": "JBEAP-22493",
"url": "https://issues.redhat.com/browse/JBEAP-22493"
},
{
"category": "external",
"summary": "JBEAP-22494",
"url": "https://issues.redhat.com/browse/JBEAP-22494"
},
{
"category": "external",
"summary": "JBEAP-22500",
"url": "https://issues.redhat.com/browse/JBEAP-22500"
},
{
"category": "external",
"summary": "JBEAP-22504",
"url": "https://issues.redhat.com/browse/JBEAP-22504"
},
{
"category": "external",
"summary": "JBEAP-22515",
"url": "https://issues.redhat.com/browse/JBEAP-22515"
},
{
"category": "external",
"summary": "JBEAP-22517",
"url": "https://issues.redhat.com/browse/JBEAP-22517"
},
{
"category": "external",
"summary": "JBEAP-22522",
"url": "https://issues.redhat.com/browse/JBEAP-22522"
},
{
"category": "external",
"summary": "1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "1977362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4677.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8",
"tracking": {
"current_release_date": "2026-05-14T22:31:10+00:00",
"generator": {
"date": "2026-05-14T22:31:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:4677",
"initial_release_date": "2021-11-15T17:18:08+00:00",
"revision_history": [
{
"date": "2021-11-15T17:18:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-15T17:18:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.2-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.6.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.2-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.43-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.12-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"product": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"product_id": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-3.redhat_00007.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.2.7-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.1.7-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.0-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"product_id": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javassist@3.27.0-2.GA_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.12-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.23-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"product_id": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-byte-buddy@1.11.12-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-5.redhat_00032.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.7.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.8-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.0.202109080827-1.r_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-11.Final_redhat_00010.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.2-2.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.6.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.43-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-3.redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.2.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.2.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.2.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.2.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.2.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.2.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.2.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.1.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.0-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javassist@3.27.0-2.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.12-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.23-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.23-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.23-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.23-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.23-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-byte-buddy@1.11.12-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-5.redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.7.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.8-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.0.202109080827-1.r_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-11.Final_redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-11.Final_redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-11.Final_redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.2-2.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.2-2.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.2-2.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src"
},
"product_reference": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3629",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1977362"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3629"
},
{
"category": "external",
"summary": "RHBZ#1977362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:18:08+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS"
},
{
"cve": "CVE-2021-3717",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-07-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3717"
},
{
"category": "external",
"summary": "RHBZ#1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:18:08+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users"
},
{
"acknowledgments": [
{
"names": [
"Dirk Papenberg"
],
"organization": "NTT DATA Germany"
}
],
"cve": "CVE-2021-20289",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Error message exposes endpoint class information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20289"
},
{
"category": "external",
"summary": "RHBZ#1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:18:08+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "resteasy: Error message exposes endpoint class information"
},
{
"cve": "CVE-2021-30129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981527"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-30129"
},
{
"category": "external",
"summary": "RHBZ#1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:18:08+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
},
{
"cve": "CVE-2021-37714",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995259"
}
],
"notes": [
{
"category": "description",
"text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37714"
},
{
"category": "external",
"summary": "RHBZ#1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
},
{
"category": "external",
"summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:18:08+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-5.redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-5.redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.23-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.23-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-11.Final_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-11.Final_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.12-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.2-2.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.2-2.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck"
}
]
}
RHSA-2021:4679
Vulnerability from csaf_redhat - Published: 2021-11-15 17:05 - Updated: 2026-05-14 22:31Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update
Severity
Moderate
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)
* mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)
* xmlsec: xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
57 references
Acknowledgments
NTT DATA Germany
Dirk Papenberg
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)\n\n* mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\n* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)\n\n* resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\n * xmlsec: xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4679",
"url": "https://access.redhat.com/errata/RHSA-2021:4679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "1977362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
},
{
"category": "external",
"summary": "1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "JBEAP-21308",
"url": "https://issues.redhat.com/browse/JBEAP-21308"
},
{
"category": "external",
"summary": "JBEAP-22208",
"url": "https://issues.redhat.com/browse/JBEAP-22208"
},
{
"category": "external",
"summary": "JBEAP-22213",
"url": "https://issues.redhat.com/browse/JBEAP-22213"
},
{
"category": "external",
"summary": "JBEAP-22254",
"url": "https://issues.redhat.com/browse/JBEAP-22254"
},
{
"category": "external",
"summary": "JBEAP-22255",
"url": "https://issues.redhat.com/browse/JBEAP-22255"
},
{
"category": "external",
"summary": "JBEAP-22344",
"url": "https://issues.redhat.com/browse/JBEAP-22344"
},
{
"category": "external",
"summary": "JBEAP-22347",
"url": "https://issues.redhat.com/browse/JBEAP-22347"
},
{
"category": "external",
"summary": "JBEAP-22365",
"url": "https://issues.redhat.com/browse/JBEAP-22365"
},
{
"category": "external",
"summary": "JBEAP-22367",
"url": "https://issues.redhat.com/browse/JBEAP-22367"
},
{
"category": "external",
"summary": "JBEAP-22435",
"url": "https://issues.redhat.com/browse/JBEAP-22435"
},
{
"category": "external",
"summary": "JBEAP-22462",
"url": "https://issues.redhat.com/browse/JBEAP-22462"
},
{
"category": "external",
"summary": "JBEAP-22487",
"url": "https://issues.redhat.com/browse/JBEAP-22487"
},
{
"category": "external",
"summary": "JBEAP-22493",
"url": "https://issues.redhat.com/browse/JBEAP-22493"
},
{
"category": "external",
"summary": "JBEAP-22494",
"url": "https://issues.redhat.com/browse/JBEAP-22494"
},
{
"category": "external",
"summary": "JBEAP-22500",
"url": "https://issues.redhat.com/browse/JBEAP-22500"
},
{
"category": "external",
"summary": "JBEAP-22504",
"url": "https://issues.redhat.com/browse/JBEAP-22504"
},
{
"category": "external",
"summary": "JBEAP-22515",
"url": "https://issues.redhat.com/browse/JBEAP-22515"
},
{
"category": "external",
"summary": "JBEAP-22517",
"url": "https://issues.redhat.com/browse/JBEAP-22517"
},
{
"category": "external",
"summary": "JBEAP-22522",
"url": "https://issues.redhat.com/browse/JBEAP-22522"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4679.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update",
"tracking": {
"current_release_date": "2026-05-14T22:31:12+00:00",
"generator": {
"date": "2026-05-14T22:31:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:4679",
"initial_release_date": "2021-11-15T17:05:54+00:00",
"revision_history": [
{
"date": "2021-11-15T17:05:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-10T20:52:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3629",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1977362"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3629"
},
{
"category": "external",
"summary": "RHBZ#1977362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:05:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS"
},
{
"cve": "CVE-2021-3717",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-07-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3717"
},
{
"category": "external",
"summary": "RHBZ#1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:05:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users"
},
{
"acknowledgments": [
{
"names": [
"Dirk Papenberg"
],
"organization": "NTT DATA Germany"
}
],
"cve": "CVE-2021-20289",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Error message exposes endpoint class information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20289"
},
{
"category": "external",
"summary": "RHBZ#1935927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:05:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "resteasy: Error message exposes endpoint class information"
},
{
"cve": "CVE-2021-30129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981527"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-30129"
},
{
"category": "external",
"summary": "RHBZ#1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:05:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
},
{
"cve": "CVE-2021-37714",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995259"
}
],
"notes": [
{
"category": "description",
"text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37714"
},
{
"category": "external",
"summary": "RHBZ#1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
},
{
"category": "external",
"summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:05:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck"
},
{
"cve": "CVE-2021-40690",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2011190"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-security: XPath Transform abuse allows for information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since OpenShift Container Platform (OCP) 4.7, the logging-elasticsearch6-container is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-40690"
},
{
"category": "external",
"summary": "RHBZ#2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-15T17:05:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xml-security: XPath Transform abuse allows for information disclosure"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…