Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-44487 (GCVE-0-2023-44487)
Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity
7.5 (High)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
173 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| ietf | http |
Affected:
2.0
cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:* |
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SINEC NMS |
Affected:
0 , < V3.0
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 4441842a-dcf2-4b86-a575-007bad2b482a
Exploited: Yes
Timestamps
First Seen: 2023-10-10
Asserted: 2023-10-10
Scope
Notes: KEV entry: HTTP/2 Rapid Reset Attack Vulnerability | Affected: IETF / HTTP/2 | Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-400 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | HTTP/2 |
| Due Date | 2023-10-31 |
| Date Added | 2023-10-10 |
| Vendorproject | IETF |
| Vulnerabilityname | HTTP/2 Rapid Reset Attack Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:26 UTC
| Updated: 2026-02-06 07:17 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 0cbf9a82-2675-4ede-b44b-4bd004a74aa9
Exploited: Yes
Timestamps
First Seen: 2023-10-10
Asserted: 2023-10-10
Scope
Notes: KEVIntel entry: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as... | Affected: Google / Cloud Platform | CVSS: 7.5 (HIGH) | EPSS: 0.99999 | Used in malware: unknown | Not yet in CISA KEV: False
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as... |
| Vendor | |
| Product | Cloud Platform |
| Added Date | 2023-10-10T00:00:00.000Z |
| Cvss Score | 7.5 |
| Epss Score | 0.99999 |
| Cvss Severity | HIGH |
| Epss Percentile | 0.99996 |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
Created: 2026-06-23 14:05 UTC
| Updated: 2026-06-23 14:05 UTC
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-44487",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:34:21.334116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:35.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000Z",
"value": "CVE-2023-44487 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:08:27.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"tags": [
"x_transferred"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"tags": [
"x_transferred"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"tags": [
"x_transferred"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"tags": [
"x_transferred"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"tags": [
"x_transferred"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T10:52:23.784Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-07T20:05:34.376Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"url": "https://github.com/golang/go/issues/63417"
},
{
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"url": "https://github.com/line/armeria/pull/5232"
},
{
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44487",
"datePublished": "2023-10-10T00:00:00.000Z",
"dateReserved": "2023-09-29T00:00:00.000Z",
"dateUpdated": "2026-05-12T10:52:23.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-44487",
"cwes": "[\"CWE-400\"]",
"dateAdded": "2023-10-10",
"dueDate": "2023-10-31",
"knownRansomwareCampaignUse": "Unknown",
"notes": "This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"product": "HTTP/2",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).",
"vendorProject": "IETF",
"vulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability"
},
"epss": {
"cve": "CVE-2023-44487",
"date": "2026-06-24",
"epss": "0.99999",
"percentile": "0.99996"
},
"fkie_nvd": {
"cisaActionDue": "2023-10-31",
"cisaExploitAdd": "2023-10-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5200E35-222B-42E0-83E0-5B702684D992\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.57.0\", \"matchCriteriaId\": \"C3BDC297-F023-4E87-8518-B84CCF9DD6A8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1.100\", \"matchCriteriaId\": \"D12D5257-7ED2-400F-9EF7-40E0D3650C2B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B058776-B5B7-4079-B0AF-23F40926DCEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D565975-EFD9-467C-B6E3-1866A4EF17A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D487271-1B5E-4F16-B0CB-A7B8908935C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.53\", \"matchCriteriaId\": \"A4A6F189-6C43-462D-85C9-B0EBDA8A4683\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.17\", \"matchCriteriaId\": \"C993C920-85C0-4181-A95E-5D965A670738\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndExcluding\": \"11.0.17\", \"matchCriteriaId\": \"08E79A8E-E12C-498F-AF4F-1AAA7135661E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndExcluding\": \"12.0.2\", \"matchCriteriaId\": \"F138D800-9A3B-4C76-8A3C-4793083A1517\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.7.5\", \"matchCriteriaId\": \"6341DDDA-AD27-4087-9D59-0A212F0037B4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.20.10\", \"matchCriteriaId\": \"328120E4-C031-44B4-9BE5-03B0CDAA066F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.21.0\", \"versionEndExcluding\": \"1.21.3\", \"matchCriteriaId\": \"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\", \"versionEndExcluding\": \"0.17.0\", \"matchCriteriaId\": \"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*\", \"versionEndExcluding\": \"0.17.0\", \"matchCriteriaId\": \"801F25DA-F38C-4452-8E90-235A3B1A5FF0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"D93F04AD-DF14-48AB-9F13-8B2E491CF42E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"7522C760-7E07-406F-BF50-5656D5723C4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"3A7F605E-EB10-40FB-98D6-7E3A95E310BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"783E62F2-F867-48F1-B123-D1227C970674\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"6603ED6A-3366-4572-AFCD-B3D4B1EC7606\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"88978E38-81D3-4EFE-8525-A300B101FA69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"0510296F-92D7-4388-AE3A-0D9799C2FC4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"D7698D6C-B1F7-43C1-BBA6-88E956356B3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"05E452AA-A520-4CBE-8767-147772B69194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"596FC5D5-7329-4E39-841E-CAE937C02219\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"B3C7A168-F370-441E-8790-73014BCEC39F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"CF16FD01-7704-40AB-ACB2-80A883804D22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1769D69A-CB59-46B1-89B3-FB97DC6DEB9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"9167FEC1-2C37-4946-9657-B4E69301FB24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"7B4B3442-E0C0-48CD-87AD-060E15C9801E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"8FA85EC1-D91A-49DD-949B-2AF7AC813CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"20662BB0-4C3D-4CF0-B068-3555C65DD06C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59203EBF-C52A-45A1-B8DF-00E17E3EFB51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"7EC2324D-EC8B-41DF-88A7-819E53AAD0FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"9B88F9D1-B54B-40C7-A18A-26C4A071D7EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"C8F39403-C259-4D6F-9E9A-53671017EEDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"220F2D38-FA82-45EF-B957-7678C9FEDBC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C698C1C-A3DD-46E2-B05A-12F2604E7F85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"922AA845-530A-4B4B-9976-4CBC30C8A324\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"F938EB43-8373-47EB-B269-C6DF058A9244\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"1771493E-ACAA-477F-8AB4-25DB12F6AD6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87670A74-34FE-45DF-A725-25B804C845B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"C7E422F6-C4C2-43AC-B137-0997B5739030\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"CC3F710F-DBCB-4976-9719-CF063DA22377\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"88EDFCD9-775C-48FA-9CDA-2B04DA8D0612\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67DB21AE-DF53-442D-B492-C4ED9A20B105\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"4C9FCBCB-9CE0-49E7-85C8-69E71D211912\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"112DFA85-90AD-478D-BD70-8C7C0C074F1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"DB704A1C-D8B7-48BB-A15A-C14DB591FE4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"21D51D9F-2840-4DEA-A007-D20111A1745C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BC1D037-74D2-4F92-89AD-C90F6CBF440B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"CAEF3EA4-7D5A-4B44-9CE3-258AEC745866\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"2FBCE2D1-9D93-415D-AB2C-2060307C305A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"8070B469-8CC4-4D2F-97D7-12D0ABB963C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"A326597E-725D-45DE-BEF7-2ED92137B253\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B235A78-649B-46C5-B24B-AB485A884654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"08B25AAB-A98C-4F89-9131-29E3A8C0ED23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"98D2CE1E-DED0-470A-AA78-C78EF769C38E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"C966FABA-7199-4F0D-AB8C-4590FE9D2FFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84D00768-E71B-4FF7-A7BF-F2C8CFBC900D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"BC36311E-BB00-4750-85C8-51F5A2604F07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"A65D357E-4B40-42EC-9AAA-2B6CEF78C401\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABBD10E8-6054-408F-9687-B9BF6375CA09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"E6018B01-048C-43BB-A78D-66910ED60CA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"3A6A5686-5A8B-45D5-9165-BC99D2CCAC47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"5D2A121F-5BD2-4263-8ED3-1DDE25B5C306\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83794B04-87E2-4CA9-81F5-BB820D0F5395\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"D9EC2237-117F-43BD-ADEC-516CF72E04EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"F70D4B6F-65CF-48F4-9A07-072DFBCE53D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"29563719-1AF2-4BB8-8CCA-A0869F87795D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"D24815DD-579A-46D1-B9F2-3BB2C56BC54D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A6E7035-3299-474F-8F67-945EA9A059D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"0360F76D-E75E-4B05-A294-B47012323ED9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"7A4607BF-41AC-4E84-A110-74E085FF0445\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"441CC945-7CA3-49C0-AE10-94725301E31D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"46BA8E8A-6ED5-4FB2-8BBC-586AA031085A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"969C4F14-F6D6-46D6-B348-FC1463877680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.5.0\", \"versionEndIncluding\": \"1.8.2\", \"matchCriteriaId\": \"41AD5040-1250-45F5-AB63-63F333D49BCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"8257AA59-C14D-4EC1-B22C-DFBB92CBC297\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"37DB32BB-F4BA-4FB5-94B1-55C3F06749CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"FFF5007E-761C-4697-8D34-C064DF0ABE8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"910441D3-90EF-4375-B007-D51120A60AB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"667EB77B-DA13-4BA4-9371-EE3F3A109F38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"8A6F9699-A485-4614-8F38-5A556D31617E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"5A90F547-97A2-41EC-9FDF-25F869F0FA38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"E76E1B82-F1DC-4366-B388-DBDF16C586A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"660137F4-15A1-42D1-BBAC-99A1D5BB398B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C446827A-1F71-4FAD-9422-580642D26AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"1932D32D-0E4B-4BBD-816F-6D47AB2E2F04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"D47B7691-A95B-45C0-BAB4-27E047F3C379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"2CD1637D-0E42-4928-867A-BA0FDB6E8462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"3A599F90-F66B-4DF0-AD7D-D234F328BD59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D1B2000-C3FE-4B4C-885A-A5076EB164E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.5\", \"matchCriteriaId\": \"5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.5\", \"matchCriteriaId\": \"57D92D05-C67D-437E-88F3-DCC3F6B0ED2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndIncluding\": \"15.1.10\", \"matchCriteriaId\": \"ECCB8C30-861E-4E48-A5F5-30EE523C1FB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.1.4\", \"matchCriteriaId\": \"F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AB23AE6-245E-43D6-B832-933F8259F937\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.9.5\", \"versionEndIncluding\": \"1.25.2\", \"matchCriteriaId\": \"1188B4A9-2684-413C-83D1-E91C75AE0FCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.4.2\", \"matchCriteriaId\": \"3337609D-5291-4A52-BC6A-6A8D4E60EB20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.3.0\", \"matchCriteriaId\": \"6CF0ABD9-EB28-4966-8C31-EED7AFBF1527\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r25\", \"versionEndExcluding\": \"r29\", \"matchCriteriaId\": \"F291CB34-47A4-425A-A200-087CC295AEC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"5892B558-EC3A-43FF-A1D5-B2D9F70796F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"96BF2B19-52C7-4051-BA58-CAE6F912B72F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0\", \"versionEndIncluding\": \"8.5.93\", \"matchCriteriaId\": \"ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndIncluding\": \"9.0.80\", \"matchCriteriaId\": \"F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.1.0\", \"versionEndIncluding\": \"10.1.13\", \"matchCriteriaId\": \"0765CC3D-AB1A-4147-8900-EF4C105321F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\", \"matchCriteriaId\": \"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\", \"matchCriteriaId\": \"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\", \"matchCriteriaId\": \"03A171AF-2EC8-4422-912C-547CDB58CAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\", \"matchCriteriaId\": \"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\", \"matchCriteriaId\": \"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\", \"matchCriteriaId\": \"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\", \"matchCriteriaId\": \"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:*:*:*:*:*:swift:*:*\", \"versionEndExcluding\": \"1.28.0\", \"matchCriteriaId\": \"08190072-3880-4EF5-B642-BA053090D95B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\", \"versionEndExcluding\": \"1.56.3\", \"matchCriteriaId\": \"5F4CDEA9-CB47-4881-B096-DA896E2364F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\", \"versionEndIncluding\": \"1.59.2\", \"matchCriteriaId\": \"E65AF7BC-7DAE-408A-8485-FBED22815F75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\", \"versionStartIncluding\": \"1.58.0\", \"versionEndExcluding\": \"1.58.3\", \"matchCriteriaId\": \"DD868DDF-C889-4F36-B5E6-68B6D9EA48CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*\", \"matchCriteriaId\": \"FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.23\", \"matchCriteriaId\": \"4496821E-BD55-4F31-AD9C-A3D66CBBD6BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.12\", \"matchCriteriaId\": \"8DF7ECF6-178D-433C-AA21-BAE9EF248F37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.23\", \"matchCriteriaId\": \"1C3418F4-B8BF-4666-BB39-C188AB01F45C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.12\", \"matchCriteriaId\": \"1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2023-10-08\", \"matchCriteriaId\": \"3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.2.20\", \"matchCriteriaId\": \"16A8F269-E07E-402F-BFD5-60F3988A5EAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.4\", \"versionEndExcluding\": \"17.4.12\", \"matchCriteriaId\": \"C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.6\", \"versionEndExcluding\": \"17.6.8\", \"matchCriteriaId\": \"DA5834D4-F52F-41C0-AA11-C974FFEEA063\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndExcluding\": \"17.7.5\", \"matchCriteriaId\": \"2166106F-ACD6-4C7B-B0CC-977B83CC5F73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*\", \"versionEndExcluding\": \"10.0.14393.6351\", \"matchCriteriaId\": \"4CD49C41-6D90-47D3-AB4F-4A74169D3A8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*\", \"versionEndExcluding\": \"10.0.14393.6351\", \"matchCriteriaId\": \"BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.17763.4974\", \"matchCriteriaId\": \"E500D59C-6597-45E9-A57B-BE26C0C231D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19044.3570\", \"matchCriteriaId\": \"C9F9A643-90C6-489C-98A0-D2739CE72F86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19045.3570\", \"matchCriteriaId\": \"1814619C-ED07-49E0-A50A-E28D824D43BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.22000.2538\", \"matchCriteriaId\": \"100A27D3-87B0-4E72-83F6-7605E3F35E63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.22621.2428\", \"matchCriteriaId\": \"C6A36795-0238-45C9-ABE6-3DCCF751915B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"18.0.0\", \"versionEndExcluding\": \"18.18.2\", \"matchCriteriaId\": \"C61F0294-5C7E-4DB2-8905-B85D0782F35F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.0.0\", \"versionEndExcluding\": \"20.8.1\", \"matchCriteriaId\": \"69843DE4-4721-4F0A-A9B7-0F6DF5AAA388\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2023-10-11\", \"matchCriteriaId\": \"B25279EF-C406-4133-99ED-0492703E0A4E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2023-10-10\", \"matchCriteriaId\": \"9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2023.10.16.00\", \"matchCriteriaId\": \"9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.6.1\", \"matchCriteriaId\": \"EDEB508E-0EBD-4450-9074-983DDF568AB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.1.9\", \"matchCriteriaId\": \"93A1A748-6C71-4191-8A16-A93E94E2CDE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.2.3\", \"matchCriteriaId\": \"4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.5.0\", \"matchCriteriaId\": \"6F70360D-6214-46BA-AF82-6AB01E13E4E9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.2.2\", \"matchCriteriaId\": \"E2DA759E-1AF8-49D3-A3FC-1B426C13CA82\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.17.6\", \"matchCriteriaId\": \"28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.18.0\", \"versionEndExcluding\": \"1.18.3\", \"matchCriteriaId\": \"F0C8E760-C8D2-483A-BBD4-6A6D292A3874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.19.0\", \"versionEndExcluding\": \"1.19.1\", \"matchCriteriaId\": \"5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2023-10-10\", \"matchCriteriaId\": \"050AE218-3871-44D6-94DA-12D84C2093CB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.10.5\", \"matchCriteriaId\": \"B36BFFB0-C0EC-4926-A1DB-0B711C846A68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"376EAF9B-E994-4268-9704-0A45EA30270F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3D08335-C291-4623-B80C-3B14C4D1FA32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"21033CEE-CEF5-4B0D-A565-4A6FC764AA6D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*\", \"versionEndExcluding\": \"2023-10-11\", \"matchCriteriaId\": \"FC4C66B1-42C0-495D-AE63-2889DE0BED84\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*\", \"versionStartIncluding\": \"2.12.0\", \"versionEndIncluding\": \"2.12.5\", \"matchCriteriaId\": \"8633E263-F066-4DD8-A734-90207207A873\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*\", \"matchCriteriaId\": \"34A23BD9-A0F4-4D85-8011-EAC93C29B4E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*\", \"matchCriteriaId\": \"27ED3533-A795-422F-B923-68BE071DC00D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*\", \"matchCriteriaId\": \"45F7E352-3208-4188-A5B1-906E00DF9896\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*\", \"matchCriteriaId\": \"DF89A8AD-66FE-439A-B732-CAAB304D765B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.26.0\", \"matchCriteriaId\": \"A400C637-AF18-4BEE-B57C-145261B65DEC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"653A5B08-0D02-4362-A8B1-D00B24C6C6F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B4BE2D6-43C3-4065-A213-5DB1325DC78F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D54F5AE-61EC-4434-9D5F-9394A3979894\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E37E1B3-6F68-4502-85D6-68333643BDFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D5A7736-A403-4617-8790-18E46CB74DA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F13B03-69BF-4A8B-A0A0-7F47FD857461\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9393119E-F018-463F-9548-60436F104195\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC45EE1E-2365-42D4-9D55-92FA24E5ED3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E567CD9F-5A43-4D25-B911-B5D0440698F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68146098-58F8-417E-B165-5182527117C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB4D6790-63E5-4043-B8BE-B489D649061D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78698F40-0777-4990-822D-02E1B5D0E2C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B87C8AD3-8878-4546-86C2-BF411876648C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF03BDE8-602D-4DEE-BA5B-5B20FDF47741\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A58966CB-36AF-4E64-AB39-BE3A0753E155\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"585BC540-073B-425B-B664-5EA4C00AFED6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72A54BDA-311C-413B-8E4D-388AD65A170A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A305F012-544E-4245-9D69-1C8CD37748B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF93A27E-AA2B-4C2E-9B8D-FE7267847326\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B12A3A8-6456-481A-A0C9-524543FCC149\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C2E7E3C-A507-4AB2-97E5-4944D8775CF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E22EBF9-AA0D-4712-9D69-DD97679CE835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"941B114C-FBD7-42FF-B1D8-4EA30E99102C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"339CFB34-A795-49F9-BF6D-A00F3A1A4F63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D044DBE-6F5A-4C53-828E-7B1A570CACFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*\", \"matchCriteriaId\": \"65203CA1-5225-4E55-A187-6454C091F532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DA9B2E2-958B-478D-87D6-E5CDDCD44315\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF390236-3259-4C8F-891C-62ACC4386CD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0AAA300-691A-4957-8B69-F6888CC971B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45937289-2D64-47CB-A750-5B4F0D4664A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B129311C-EB4B-4041-B85C-44D5E53FCAA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1AB54DB-3FB4-41CB-88ED-1400FD22AB85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C877879-B84B-471C-80CF-0656521CA8AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20A6B40D-F991-4712-8E30-5FE008505CB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1987BDA-0113-4603-B9BE-76647EB043F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"848C92A9-0677-442B-8D52-A448F2019903\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F564701-EDC1-43CF-BB9F-287D6992C6CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12B0CF2B-D1E1-4E20-846E-6F0D873499A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8885C2C-7FB8-40CA-BCB9-B48C50BF2499\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A903C3AD-2D25-45B5-BF4A-A5BEB2286627\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC5EBD2A-32A3-46D5-B155-B44DCB7F6902\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.5.3\", \"matchCriteriaId\": \"C2792650-851F-4820-B003-06A4BEA092D7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"3.4.2\", \"matchCriteriaId\": \"9F6B63B9-F4C9-4A3F-9310-E0918E1070D1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\", \"versionEndIncluding\": \"2.414.2\", \"matchCriteriaId\": \"E6FF5F80-A991-43D4-B49F-D843E2BC5798\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\", \"versionEndIncluding\": \"2.427\", \"matchCriteriaId\": \"54D25DA9-12D0-4F14-83E6-C69D0293AAB9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.0\", \"matchCriteriaId\": \"8E1AFFB9-C717-4727-B0C9-5A0C281710E2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.21.4.3\", \"matchCriteriaId\": \"25C85001-E0AB-4B01-8EE7-1D9C77CD956E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.1\", \"matchCriteriaId\": \"F98F9D27-6659-413F-8F29-4FDB0882AAC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1.3\", \"matchCriteriaId\": \"C98BF315-C563-47C2-BAD1-63347A3D1008\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"705CBA49-21C9-4400-B7B9-71CDF9F97D8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.0.0\", \"matchCriteriaId\": \"AA2BE0F1-DD16-4876-8EBA-F187BD38B159\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"796B6C58-2140-4105-A2A1-69865A194A75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEA99DC6-EA03-469F-A8BE-7F96FDF0B333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"x14.3.3\", \"matchCriteriaId\": \"6560DBF4-AFE6-4672-95DE-74A0B8F4170A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4.2\", \"matchCriteriaId\": \"84785919-796D-41E5-B652-6B5765C81D4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.11.0\", \"matchCriteriaId\": \"92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.3.3\", \"matchCriteriaId\": \"6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.2.1\", \"matchCriteriaId\": \"4FE2F959-1084-48D1-B1F1-8182FC9862DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.10.4\", \"matchCriteriaId\": \"5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.2\", \"matchCriteriaId\": \"1BB6B48E-EA36-40A0-96D0-AF909BEC1147\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.2.0\", \"matchCriteriaId\": \"2CBED844-7F94-498C-836D-8593381A9657\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.19.2\", \"matchCriteriaId\": \"C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"x14.3.3\", \"matchCriteriaId\": \"358FA1DC-63D3-49F6-AC07-9E277DD0D9DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2024.01.0\", \"matchCriteriaId\": \"BFF2D182-7599-4B81-B56B-F44EDA1384C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4868BCCA-24DE-4F24-A8AF-B3A545C0396E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2024.02.0\", \"matchCriteriaId\": \"194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2024.02.0\", \"matchCriteriaId\": \"BEC75F99-C7F0-47EB-9032-C9D3A42EBA20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6638F4E-16F7-447D-B755-52640BCB1C61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC34F742-530E-4AB4-8AFC-D1E088E256B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.6.2\", \"matchCriteriaId\": \"E22AD683-345B-4E16-BB9E-E9B1783E09AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.22\", \"matchCriteriaId\": \"2955BEE9-F567-4006-B96D-92E10FF84DB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"17.15.1\", \"matchCriteriaId\": \"67502878-DB20-4410-ABA0-A1C5705064CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.11.2\", \"matchCriteriaId\": \"177DED2D-8089-4494-BDD9-7F84FC06CD5B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.1.0\", \"matchCriteriaId\": \"54A29FD3-4128-4333-8445-A7DD04A6ECF6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67074526-9933-46B3-9FE3-A0BE73C5E8A7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.2\\\\(7\\\\)\", \"matchCriteriaId\": \"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.3\\\\(1\\\\)\", \"versionEndExcluding\": \"10.3\\\\(5\\\\)\", \"matchCriteriaId\": \"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"528ED62B-D739-4E06-AC64-B506FD73BBAB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76C10D85-88AC-4A79-8866-BED88A0F8DF8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09AC2BAD-F536-48D0-A2F0-D4E290519EB6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F4E8EE4-031D-47D3-A12E-EE5F792172EE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D14D4B4E-120E-4607-A4F1-447C7BF3052E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15702ACB-29F3-412D-8805-E107E0729E35\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E930332-CDDD-48D5-93BC-C22D693BBFA2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29B34855-D8D2-4114-80D2-A4D159C62458\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BF4B8FE-E134-4491-B5C2-C1CFEB64731B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4226DA0-9371-401C-8247-E6E636A116C3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3DBBFE9-835C-4411-8492-6006E74BAC65\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3293438-3D18-45A2-B093-2C3F65783336\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-x\\\\/3132q-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E142C18F-9FB5-4D96-866A-141D7D16CAF7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7817F4E6-B2DA-4F06-95A4-AF329F594C02\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CED628B5-97A8-4B26-AA40-BEC854982157\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BB9DD73-E31D-4921-A6D6-E14E04703588\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172pq\\\\/pq-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EFC116A-627F-4E05-B631-651D161217C8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4532F513-0543-4960-9877-01F23CA7BA1B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B43502B-FD53-465A-B60F-6A359C6ACD99\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3229124-B097-4AAC-8ACD-2F9C89DCC3AB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32A532C0-B0E3-484A-B356-88970E7D0248\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C84D24C-2256-42AF-898A-221EBE9FE1E4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"652A2849-668D-4156-88FB-C19844A59F33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D008CA1C-6F5A-40EA-BB12-A9D84D5AF700\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43913A0E-50D5-47DD-94D8-DD3391633619\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D397349-CCC6-479B-9273-FB1FFF4F34F2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA52D5C1-13D8-4D23-B022-954CCEF491F1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F7AF8D7-431B-43CE-840F-CC0817D159C0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAC204C8-1A5A-4E85-824E-DC9B8F6A802D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8E1073F-D374-4311-8F12-AD8C72FAA293\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAF5AF71-15DF-4151-A1CF-E138A7103FC8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F80A72-AD54-4699-B8AE-82715F0B58E2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524-x\\\\/xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E505C0B1-2119-4C6A-BF96-C282C633D169\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"088C0323-683A-44F5-8D42-FF6EC85D080E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74CB4002-7636-4382-B33E-FBA060A13C34\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548-x\\\\/xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"915EF8F6-6039-4DD0-B875-30D911752B74\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97217080-455C-48E4-8CE1-6D5B9485864F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95D2C4C3-65CE-4612-A027-AF70CEFC3233\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57572E4A-78D5-4D1A-938B-F05F01759612\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.2\\\\(7\\\\)\", \"matchCriteriaId\": \"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.3\\\\(1\\\\)\", \"versionEndExcluding\": \"10.3\\\\(5\\\\)\", \"matchCriteriaId\": \"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CD9C1F1-8582-4F67-A77D-97CBFECB88B8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"532CE4B0-A3C9-4613-AAAF-727817D06FB4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24CA1A59-2681-4507-AC74-53BD481099B9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4283E433-7F8C-4410-B565-471415445811\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFB9FDE8-8533-4F65-BF32-4066D042B2F7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F80AB6FB-32FD-43D7-A9F1-80FA47696210\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AA5389A-8AD1-476E-983A-54DF573C30F5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5B2E4C1-2627-4B9D-8E92-4B483F647651\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1B1A8F1-45B1-4E64-A254-7191FA93CB6D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83DA8BFA-D7A2-476C-A6F5-CAE610033BC2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"557ED31C-C26A-4FAE-8B14-D06B49F7F08B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11411BFD-3F4D-4309-AB35-A3629A360FB0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB2FFD26-8255-4351-8594-29D2AEFC06EF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E663DE91-C86D-48DC-B771-FA72A8DF7A7C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61E10975-B47E-4F4D-8096-AEC7B7733612\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40E40F42-632A-47DF-BE33-DC25B826310B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16C64136-89C2-443C-AF7B-BED81D3DE25A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBEF7F26-BB47-44BD-872E-130820557C23\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"182000E0-8204-4D8B-B7DE-B191AFE12E28\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F423E45D-A6DD-4305-9C6A-EAB26293E53A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDC208BC-7E19-48C6-A20E-A79A51B7362C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"102F91CD-DFB6-43D4-AE5B-DA157A696230\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E952A96A-0F48-4357-B7DD-1127D8827650\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"084D0191-563B-4FF0-B589-F35DA118E1C6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7DB6FC5-762A-4F16-AE8C-69330EFCF640\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F70D81F1-8B12-4474-9060-B4934D8A3873\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5394DE31-3863-4CA9-B7B1-E5227183100D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"968390BC-B430-4903-B614-13104BFAE635\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7349D69B-D8FA-4462-AA28-69DD18A652D9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE4BB834-2C00-4384-A78E-AF3BCDDC58AF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CE49B45-F2E9-491D-9C29-1B46E9CE14E2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BFAD21E-59EE-4CCE-8F1E-621D2EA50905\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91231DC6-2773-4238-8C14-A346F213B5E5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DF88547-BAF4-47B0-9F60-80A30297FCEB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02C3CE6D-BD54-48B1-A188-8E53DA001424\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"498991F7-39D6-428C-8C7D-DD8DC72A0346\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"113772B6-E9D2-4094-9468-3F4E1A87D07D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7B90D36-5124-4669-8462-4EAF35B0F53D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C45A38D6-BED6-4FEF-AD87-A1E813695DE0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1FC2B1F-232E-4754-8076-CC82F3648730\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F1127D2-12C0-454F-91EF-5EE334070D06\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D6EB963-E0F2-4A02-8765-AB2064BE19E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"785FD17C-F32E-4042-9DDE-A89B3AAE0334\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEAAF99B-5406-4722-81FB-A91CBAC2DF41\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73DC1E93-561E-490C-AE0E-B02BAB9A7C8E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF467E2-4567-426E-8F48-39669E0F514C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63842B25-8C32-4988-BBBD-61E9CB09B4F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68EA1FEF-B6B6-49FE-A0A4-5387F76303F8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40D6DB7F-C025-4971-9615-73393ED61078\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4364ADB9-8162-451D-806A-B98924E6B2CF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B53BCB42-ED61-4FCF-8068-CB467631C63C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"737C724A-B6CD-4FF7-96E0-EBBF645D660E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7067AEC7-DFC8-4437-9338-C5165D9A8F36\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49E0371B-FDE2-473C-AA59-47E1269D050F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"489D11EC-5A18-4F32-BC7C-AC1FCEC27222\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71D4CF15-B293-4403-A1A9-96AD3933BAEF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBCC1515-2DBE-4DF2-8E83-29A869170F36\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BC5293E-F2B4-46DC-85DA-167EA323FCFD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7282AAFF-ED18-4992-AC12-D953C35EC328\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA022E77-6557-4A33-9A3A-D028E2DB669A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"360409CC-4172-4878-A76B-EA1C1F8C7A79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8D5D5E2-B40B-475D-9EF3-8441016E37E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73F59A4B-AE92-4533-8EDC-D1DD850309FF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"492A2C86-DD38-466B-9965-77629A73814F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FB7AA46-4018-4925-963E-719E1037F759\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31B9D1E4-10B9-4B6F-B848-D93ABF6486D6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500_supervisor_a\\\\+:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB270C45-756E-400A-979F-D07D750C881A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E8A085C-2DBA-4269-AB01-B16019FBB4DA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500_supervisor_b\\\\+:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A79DD582-AF68-44F1-B640-766B46EF2BE2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B04484DA-AA59-4833-916E-6A8C96D34F0D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"768BE390-5ED5-48A7-9E80-C4DE8BA979B1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D07B5399-44C7-468D-9D57-BB5B5E26CE50\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDC2F709-AFBE-48EA-A3A2-DA1134534FB6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76FB64F-16F0-4B0B-B304-B46258D434BA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E02DC82-0D26-436F-BA64-73C958932B0A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E128053-834B-4DD5-A517-D14B4FC2B56F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"163743A1-09E7-4EC5-8ECA-79E4B9CE173B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE340E4C-DC48-4FC8-921B-EE304DB5AE0A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C367BBE0-D71F-4CB5-B50E-72B033E73FE1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85E1D224-4751-4233-A127-A041068C804A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD31B075-01B1-429E-83F4-B999356A0EB9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3284D16F-3275-4F8D-8AE4-D413DE19C4FA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"}, {\"lang\": \"es\", \"value\": \"El protocolo HTTP/2 permite una denegaci\\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\\u00f3n de solicitudes puede restablecer muchas transmisiones r\\u00e1pidamente, como se explot\\u00f3 en la naturaleza entre agosto y octubre de 2023.\"}]",
"id": "CVE-2023-44487",
"lastModified": "2024-12-20T17:40:52.067",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-10-10T14:15:10.883",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\"]}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\"]}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/apache/apisix/issues/10320\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Mitigation\"]}, {\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Release Notes\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/golang/go/issues/63417\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/line/armeria/pull/5232\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/nodejs/node/pull/50121\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/openresty/openresty/issues/930\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Vendor Advisory\"]}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Vendor Advisory\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Vendor Advisory\"]}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\"]}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/apache/apisix/issues/10320\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/golang/go/issues/63417\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/line/armeria/pull/5232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/nodejs/node/pull/50121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/openresty/openresty/issues/930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Press/Media Coverage\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-44487\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-10-10T14:15:10.883\",\"lastModified\":\"2026-05-12T15:10:32.260\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"},{\"lang\":\"es\",\"value\":\"El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como se explot\u00f3 en la naturaleza entre agosto y octubre de 2023.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2023-10-10\",\"cisaActionDue\":\"2023-10-31\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"HTTP/2 Rapid Reset Attack Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"2A7548B8-3DF7-46D9-8A4F-87C38969D900\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1EE93D-BAD2-4B86-910C-8784FCC9F398\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0\",\"matchCriteriaId\":\"C89891C1-DFD7-4E1F-80A9-7485D86A15B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4664B195-AF14-4834-82B3-0B2C98020EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"75BC588E-CDF0-404E-AD61-02093A1DF343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A334F7B4-7283-4453-BAED-D2E01B7F8A6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BEA71C-CA81-4B5D-A688-2B21E62DC351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B405F22-5517-49F5-A7CA-1E50D58DFC75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"AE06B8AF-B36C-4743-A056-30712163F75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:st7_scadaconnect:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1\",\"matchCriteriaId\":\"BCBD17AE-C1AE-4ECF-A991-0FFBDD06D687\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FDCA69-9049-40B4-88AF-F476901022B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B89A6863-B602-4404-8D26-337FECABFFF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"99E36624-A573-47D9-B158-B18A8A822FBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F38253-92F5-4A3A-AA07-292F7542D8A6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"19F1C257-0EE6-47DE-B4BE-169F801FFDD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F63E0A-126D-4A93-8159-45EB5E606F81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5200E35-222B-42E0-83E0-5B702684D992\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.57.0\",\"matchCriteriaId\":\"C3BDC297-F023-4E87-8518-B84CCF9DD6A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.100\",\"matchCriteriaId\":\"D12D5257-7ED2-400F-9EF7-40E0D3650C2B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B058776-B5B7-4079-B0AF-23F40926DCEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D565975-EFD9-467C-B6E3-1866A4EF17A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D487271-1B5E-4F16-B0CB-A7B8908935C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.53\",\"matchCriteriaId\":\"A4A6F189-6C43-462D-85C9-B0EBDA8A4683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.17\",\"matchCriteriaId\":\"C993C920-85C0-4181-A95E-5D965A670738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.17\",\"matchCriteriaId\":\"08E79A8E-E12C-498F-AF4F-1AAA7135661E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"F138D800-9A3B-4C76-8A3C-4793083A1517\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.5\",\"matchCriteriaId\":\"6341DDDA-AD27-4087-9D59-0A212F0037B4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"328120E4-C031-44B4-9BE5-03B0CDAA066F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"801F25DA-F38C-4452-8E90-235A3B1A5FF0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D93F04AD-DF14-48AB-9F13-8B2E491CF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7522C760-7E07-406F-BF50-5656D5723C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"3A7F605E-EB10-40FB-98D6-7E3A95E310BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"783E62F2-F867-48F1-B123-D1227C970674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"6603ED6A-3366-4572-AFCD-B3D4B1EC7606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"88978E38-81D3-4EFE-8525-A300B101FA69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"0510296F-92D7-4388-AE3A-0D9799C2FC4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7698D6C-B1F7-43C1-BBA6-88E956356B3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"05E452AA-A520-4CBE-8767-147772B69194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"596FC5D5-7329-4E39-841E-CAE937C02219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"B3C7A168-F370-441E-8790-73014BCEC39F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"CF16FD01-7704-40AB-ACB2-80A883804D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1769D69A-CB59-46B1-89B3-FB97DC6DEB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"9167FEC1-2C37-4946-9657-B4E69301FB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7B4B3442-E0C0-48CD-87AD-060E15C9801E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8FA85EC1-D91A-49DD-949B-2AF7AC813CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"20662BB0-4C3D-4CF0-B068-3555C65DD06C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59203EBF-C52A-45A1-B8DF-00E17E3EFB51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"7EC2324D-EC8B-41DF-88A7-819E53AAD0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"9B88F9D1-B54B-40C7-A18A-26C4A071D7EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"C8F39403-C259-4D6F-9E9A-53671017EEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"220F2D38-FA82-45EF-B957-7678C9FEDBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C698C1C-A3DD-46E2-B05A-12F2604E7F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"922AA845-530A-4B4B-9976-4CBC30C8A324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F938EB43-8373-47EB-B269-C6DF058A9244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"1771493E-ACAA-477F-8AB4-25DB12F6AD6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87670A74-34FE-45DF-A725-25B804C845B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"C7E422F6-C4C2-43AC-B137-0997B5739030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"CC3F710F-DBCB-4976-9719-CF063DA22377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"88EDFCD9-775C-48FA-9CDA-2B04DA8D0612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67DB21AE-DF53-442D-B492-C4ED9A20B105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"4C9FCBCB-9CE0-49E7-85C8-69E71D211912\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"112DFA85-90AD-478D-BD70-8C7C0C074F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"DB704A1C-D8B7-48BB-A15A-C14DB591FE4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"21D51D9F-2840-4DEA-A007-D20111A1745C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BC1D037-74D2-4F92-89AD-C90F6CBF440B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"CAEF3EA4-7D5A-4B44-9CE3-258AEC745866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"2FBCE2D1-9D93-415D-AB2C-2060307C305A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8070B469-8CC4-4D2F-97D7-12D0ABB963C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"A326597E-725D-45DE-BEF7-2ED92137B253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B235A78-649B-46C5-B24B-AB485A884654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"08B25AAB-A98C-4F89-9131-29E3A8C0ED23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"98D2CE1E-DED0-470A-AA78-C78EF769C38E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"C966FABA-7199-4F0D-AB8C-4590FE9D2FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D00768-E71B-4FF7-A7BF-F2C8CFBC900D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"BC36311E-BB00-4750-85C8-51F5A2604F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"A65D357E-4B40-42EC-9AAA-2B6CEF78C401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABBD10E8-6054-408F-9687-B9BF6375CA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E6018B01-048C-43BB-A78D-66910ED60CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"3A6A5686-5A8B-45D5-9165-BC99D2CCAC47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"5D2A121F-5BD2-4263-8ED3-1DDE25B5C306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83794B04-87E2-4CA9-81F5-BB820D0F5395\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D9EC2237-117F-43BD-ADEC-516CF72E04EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F70D4B6F-65CF-48F4-9A07-072DFBCE53D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"29563719-1AF2-4BB8-8CCA-A0869F87795D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D24815DD-579A-46D1-B9F2-3BB2C56BC54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6E7035-3299-474F-8F67-945EA9A059D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"0360F76D-E75E-4B05-A294-B47012323ED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7A4607BF-41AC-4E84-A110-74E085FF0445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"441CC945-7CA3-49C0-AE10-94725301E31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"46BA8E8A-6ED5-4FB2-8BBC-586AA031085A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"969C4F14-F6D6-46D6-B348-FC1463877680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndIncluding\":\"1.8.2\",\"matchCriteriaId\":\"41AD5040-1250-45F5-AB63-63F333D49BCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8257AA59-C14D-4EC1-B22C-DFBB92CBC297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"37DB32BB-F4BA-4FB5-94B1-55C3F06749CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"FFF5007E-761C-4697-8D34-C064DF0ABE8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"910441D3-90EF-4375-B007-D51120A60AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667EB77B-DA13-4BA4-9371-EE3F3A109F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8A6F9699-A485-4614-8F38-5A556D31617E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"5A90F547-97A2-41EC-9FDF-25F869F0FA38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"E76E1B82-F1DC-4366-B388-DBDF16C586A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"660137F4-15A1-42D1-BBAC-99A1D5BB398B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C446827A-1F71-4FAD-9422-580642D26AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"1932D32D-0E4B-4BBD-816F-6D47AB2E2F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"D47B7691-A95B-45C0-BAB4-27E047F3C379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"2CD1637D-0E42-4928-867A-BA0FDB6E8462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"3A599F90-F66B-4DF0-AD7D-D234F328BD59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1B2000-C3FE-4B4C-885A-A5076EB164E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"57D92D05-C67D-437E-88F3-DCC3F6B0ED2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"ECCB8C30-861E-4E48-A5F5-30EE523C1FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB23AE6-245E-43D6-B832-933F8259F937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.5\",\"versionEndIncluding\":\"1.25.2\",\"matchCriteriaId\":\"1188B4A9-2684-413C-83D1-E91C75AE0FCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.4.2\",\"matchCriteriaId\":\"3337609D-5291-4A52-BC6A-6A8D4E60EB20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.3.0\",\"matchCriteriaId\":\"6CF0ABD9-EB28-4966-8C31-EED7AFBF1527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r25\",\"versionEndExcluding\":\"r29\",\"matchCriteriaId\":\"F291CB34-47A4-425A-A200-087CC295AEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5892B558-EC3A-43FF-A1D5-B2D9F70796F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BF2B19-52C7-4051-BA58-CAE6F912B72F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.93\",\"matchCriteriaId\":\"ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.0.80\",\"matchCriteriaId\":\"F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.1.13\",\"matchCriteriaId\":\"0765CC3D-AB1A-4147-8900-EF4C105321F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A171AF-2EC8-4422-912C-547CDB58CAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:swiftnio_http\\\\/2:*:*:*:*:*:swift:*:*\",\"versionEndExcluding\":\"1.28.0\",\"matchCriteriaId\":\"08190072-3880-4EF5-B642-BA053090D95B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.56.3\",\"matchCriteriaId\":\"5F4CDEA9-CB47-4881-B096-DA896E2364F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionEndIncluding\":\"1.59.2\",\"matchCriteriaId\":\"E65AF7BC-7DAE-408A-8485-FBED22815F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.58.0\",\"versionEndExcluding\":\"1.58.3\",\"matchCriteriaId\":\"DD868DDF-C889-4F36-B5E6-68B6D9EA48CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*\",\"matchCriteriaId\":\"FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"4496821E-BD55-4F31-AD9C-A3D66CBBD6BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"8DF7ECF6-178D-433C-AA21-BAE9EF248F37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"1C3418F4-B8BF-4666-BB39-C188AB01F45C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-08\",\"matchCriteriaId\":\"3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.2.20\",\"matchCriteriaId\":\"16A8F269-E07E-402F-BFD5-60F3988A5EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.4\",\"versionEndExcluding\":\"17.4.12\",\"matchCriteriaId\":\"C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6\",\"versionEndExcluding\":\"17.6.8\",\"matchCriteriaId\":\"DA5834D4-F52F-41C0-AA11-C974FFEEA063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndExcluding\":\"17.7.5\",\"matchCriteriaId\":\"2166106F-ACD6-4C7B-B0CC-977B83CC5F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"4CD49C41-6D90-47D3-AB4F-4A74169D3A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4974\",\"matchCriteriaId\":\"E500D59C-6597-45E9-A57B-BE26C0C231D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.3570\",\"matchCriteriaId\":\"C9F9A643-90C6-489C-98A0-D2739CE72F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.3570\",\"matchCriteriaId\":\"1814619C-ED07-49E0-A50A-E28D824D43BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.2538\",\"matchCriteriaId\":\"100A27D3-87B0-4E72-83F6-7605E3F35E63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.2428\",\"matchCriteriaId\":\"C6A36795-0238-45C9-ABE6-3DCCF751915B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.18.2\",\"matchCriteriaId\":\"94BAB9EB-1527-4D9A-BADE-0708579536CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.0.0\",\"versionEndExcluding\":\"20.8.1\",\"matchCriteriaId\":\"69843DE4-4721-4F0A-A9B7-0F6DF5AAA388\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"B25279EF-C406-4133-99ED-0492703E0A4E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.10.16.00\",\"matchCriteriaId\":\"9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"EDEB508E-0EBD-4450-9074-983DDF568AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.1.9\",\"matchCriteriaId\":\"93A1A748-6C71-4191-8A16-A93E94E2CDE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.3\",\"matchCriteriaId\":\"4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.0\",\"matchCriteriaId\":\"6F70360D-6214-46BA-AF82-6AB01E13E4E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.2\",\"matchCriteriaId\":\"E2DA759E-1AF8-49D3-A3FC-1B426C13CA82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.6\",\"matchCriteriaId\":\"28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.3\",\"matchCriteriaId\":\"F0C8E760-C8D2-483A-BBD4-6A6D292A3874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.1\",\"matchCriteriaId\":\"5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"050AE218-3871-44D6-94DA-12D84C2093CB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.5\",\"matchCriteriaId\":\"B36BFFB0-C0EC-4926-A1DB-0B711C846A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"376EAF9B-E994-4268-9704-0A45EA30270F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D08335-C291-4623-B80C-3B14C4D1FA32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21033CEE-CEF5-4B0D-A565-4A6FC764AA6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"FC4C66B1-42C0-495D-AE63-2889DE0BED84\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndIncluding\":\"2.12.5\",\"matchCriteriaId\":\"8633E263-F066-4DD8-A734-90207207A873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"34A23BD9-A0F4-4D85-8011-EAC93C29B4E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"27ED3533-A795-422F-B923-68BE071DC00D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"45F7E352-3208-4188-A5B1-906E00DF9896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"DF89A8AD-66FE-439A-B732-CAAB304D765B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.26.0\",\"matchCriteriaId\":\"A400C637-AF18-4BEE-B57C-145261B65DEC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"653A5B08-0D02-4362-A8B1-D00B24C6C6F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4BE2D6-43C3-4065-A213-5DB1325DC78F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D54F5AE-61EC-4434-9D5F-9394A3979894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E37E1B3-6F68-4502-85D6-68333643BDFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5A7736-A403-4617-8790-18E46CB74DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F13B03-69BF-4A8B-A0A0-7F47FD857461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9393119E-F018-463F-9548-60436F104195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC45EE1E-2365-42D4-9D55-92FA24E5ED3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E567CD9F-5A43-4D25-B911-B5D0440698F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68146098-58F8-417E-B165-5182527117C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB4D6790-63E5-4043-B8BE-B489D649061D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78698F40-0777-4990-822D-02E1B5D0E2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B87C8AD3-8878-4546-86C2-BF411876648C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF03BDE8-602D-4DEE-BA5B-5B20FDF47741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58966CB-36AF-4E64-AB39-BE3A0753E155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585BC540-073B-425B-B664-5EA4C00AFED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A305F012-544E-4245-9D69-1C8CD37748B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF93A27E-AA2B-4C2E-9B8D-FE7267847326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B12A3A8-6456-481A-A0C9-524543FCC149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2E7E3C-A507-4AB2-97E5-4944D8775CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E22EBF9-AA0D-4712-9D69-DD97679CE835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"941B114C-FBD7-42FF-B1D8-4EA30E99102C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"339CFB34-A795-49F9-BF6D-A00F3A1A4F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D044DBE-6F5A-4C53-828E-7B1A570CACFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*\",\"matchCriteriaId\":\"65203CA1-5225-4E55-A187-6454C091F532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA9B2E2-958B-478D-87D6-E5CDDCD44315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF390236-3259-4C8F-891C-62ACC4386CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AAA300-691A-4957-8B69-F6888CC971B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45937289-2D64-47CB-A750-5B4F0D4664A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B129311C-EB4B-4041-B85C-44D5E53FCAA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1AB54DB-3FB4-41CB-88ED-1400FD22AB85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C877879-B84B-471C-80CF-0656521CA8AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A6B40D-F991-4712-8E30-5FE008505CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1987BDA-0113-4603-B9BE-76647EB043F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848C92A9-0677-442B-8D52-A448F2019903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F564701-EDC1-43CF-BB9F-287D6992C6CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12B0CF2B-D1E1-4E20-846E-6F0D873499A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8885C2C-7FB8-40CA-BCB9-B48C50BF2499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A903C3AD-2D25-45B5-BF4A-A5BEB2286627\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC5EBD2A-32A3-46D5-B155-B44DCB7F6902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5.3\",\"matchCriteriaId\":\"C2792650-851F-4820-B003-06A4BEA092D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"3.4.2\",\"matchCriteriaId\":\"9F6B63B9-F4C9-4A3F-9310-E0918E1070D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndIncluding\":\"2.414.2\",\"matchCriteriaId\":\"E6FF5F80-A991-43D4-B49F-D843E2BC5798\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndIncluding\":\"2.427\",\"matchCriteriaId\":\"54D25DA9-12D0-4F14-83E6-C69D0293AAB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.0\",\"matchCriteriaId\":\"8E1AFFB9-C717-4727-B0C9-5A0C281710E2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.21.4.3\",\"matchCriteriaId\":\"25C85001-E0AB-4B01-8EE7-1D9C77CD956E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.003.009\",\"matchCriteriaId\":\"FB2BDBAC-8D19-4F81-8D31-6D0955A53D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"F98F9D27-6659-413F-8F29-4FDB0882AAC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"C98BF315-C563-47C2-BAD1-63347A3D1008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.2\",\"matchCriteriaId\":\"3F30E209-FA52-4D3B-9B88-4193EA388554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_situation_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3178F3A5-A072-44E1-A225-B04BC536F4FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"AA2BE0F1-DD16-4876-8EBA-F187BD38B159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796B6C58-2140-4105-A2A1-69865A194A75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA99DC6-EA03-469F-A8BE-7F96FDF0B333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"6560DBF4-AFE6-4672-95DE-74A0B8F4170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.2\",\"matchCriteriaId\":\"84785919-796D-41E5-B652-6B5765C81D4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.11.0\",\"matchCriteriaId\":\"92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2.1\",\"matchCriteriaId\":\"4FE2F959-1084-48D1-B1F1-8182FC9862DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.10.4\",\"matchCriteriaId\":\"5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2\",\"matchCriteriaId\":\"1BB6B48E-EA36-40A0-96D0-AF909BEC1147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"2CBED844-7F94-498C-836D-8593381A9657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.2\",\"matchCriteriaId\":\"C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"358FA1DC-63D3-49F6-AC07-9E277DD0D9DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.01.0\",\"matchCriteriaId\":\"BFF2D182-7599-4B81-B56B-F44EDA1384C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4868BCCA-24DE-4F24-A8AF-B3A545C0396E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"BEC75F99-C7F0-47EB-9032-C9D3A42EBA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6638F4E-16F7-447D-B755-52640BCB1C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC34F742-530E-4AB4-8AFC-D1E088E256B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.6.2\",\"matchCriteriaId\":\"E22AD683-345B-4E16-BB9E-E9B1783E09AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.22\",\"matchCriteriaId\":\"2955BEE9-F567-4006-B96D-92E10FF84DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.15.1\",\"matchCriteriaId\":\"67502878-DB20-4410-ABA0-A1C5705064CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.11.2\",\"matchCriteriaId\":\"177DED2D-8089-4494-BDD9-7F84FC06CD5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.1.0\",\"matchCriteriaId\":\"54A29FD3-4128-4333-8445-A7DD04A6ECF6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67074526-9933-46B3-9FE3-A0BE73C5E8A7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528ED62B-D739-4E06-AC64-B506FD73BBAB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C10D85-88AC-4A79-8866-BED88A0F8DF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AC2BAD-F536-48D0-A2F0-D4E290519EB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F4E8EE4-031D-47D3-A12E-EE5F792172EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14D4B4E-120E-4607-A4F1-447C7BF3052E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15702ACB-29F3-412D-8805-E107E0729E35\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E930332-CDDD-48D5-93BC-C22D693BBFA2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B34855-D8D2-4114-80D2-A4D159C62458\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF4B8FE-E134-4491-B5C2-C1CFEB64731B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4226DA0-9371-401C-8247-E6E636A116C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3DBBFE9-835C-4411-8492-6006E74BAC65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3293438-3D18-45A2-B093-2C3F65783336\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x\\\\/3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E142C18F-9FB5-4D96-866A-141D7D16CAF7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7817F4E6-B2DA-4F06-95A4-AF329F594C02\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED628B5-97A8-4B26-AA40-BEC854982157\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB9DD73-E31D-4921-A6D6-E14E04703588\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq\\\\/pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EFC116A-627F-4E05-B631-651D161217C8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4532F513-0543-4960-9877-01F23CA7BA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B43502B-FD53-465A-B60F-6A359C6ACD99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3229124-B097-4AAC-8ACD-2F9C89DCC3AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A532C0-B0E3-484A-B356-88970E7D0248\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C84D24C-2256-42AF-898A-221EBE9FE1E4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652A2849-668D-4156-88FB-C19844A59F33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D008CA1C-6F5A-40EA-BB12-A9D84D5AF700\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43913A0E-50D5-47DD-94D8-DD3391633619\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D397349-CCC6-479B-9273-FB1FFF4F34F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA52D5C1-13D8-4D23-B022-954CCEF491F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F7AF8D7-431B-43CE-840F-CC0817D159C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC204C8-1A5A-4E85-824E-DC9B8F6A802D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E1073F-D374-4311-8F12-AD8C72FAA293\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF5AF71-15DF-4151-A1CF-E138A7103FC8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F80A72-AD54-4699-B8AE-82715F0B58E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E505C0B1-2119-4C6A-BF96-C282C633D169\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088C0323-683A-44F5-8D42-FF6EC85D080E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CB4002-7636-4382-B33E-FBA060A13C34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"915EF8F6-6039-4DD0-B875-30D911752B74\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97217080-455C-48E4-8CE1-6D5B9485864F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D2C4C3-65CE-4612-A027-AF70CEFC3233\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57572E4A-78D5-4D1A-938B-F05F01759612\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD9C1F1-8582-4F67-A77D-97CBFECB88B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532CE4B0-A3C9-4613-AAAF-727817D06FB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24CA1A59-2681-4507-AC74-53BD481099B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4283E433-7F8C-4410-B565-471415445811\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFB9FDE8-8533-4F65-BF32-4066D042B2F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80AB6FB-32FD-43D7-A9F1-80FA47696210\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA5389A-8AD1-476E-983A-54DF573C30F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B2E4C1-2627-4B9D-8E92-4B483F647651\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1B1A8F1-45B1-4E64-A254-7191FA93CB6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83DA8BFA-D7A2-476C-A6F5-CAE610033BC2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"557ED31C-C26A-4FAE-8B14-D06B49F7F08B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11411BFD-3F4D-4309-AB35-A3629A360FB0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB2FFD26-8255-4351-8594-29D2AEFC06EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E663DE91-C86D-48DC-B771-FA72A8DF7A7C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E10975-B47E-4F4D-8096-AEC7B7733612\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40E40F42-632A-47DF-BE33-DC25B826310B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16C64136-89C2-443C-AF7B-BED81D3DE25A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBEF7F26-BB47-44BD-872E-130820557C23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"182000E0-8204-4D8B-B7DE-B191AFE12E28\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F423E45D-A6DD-4305-9C6A-EAB26293E53A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC208BC-7E19-48C6-A20E-A79A51B7362C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"102F91CD-DFB6-43D4-AE5B-DA157A696230\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E952A96A-0F48-4357-B7DD-1127D8827650\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084D0191-563B-4FF0-B589-F35DA118E1C6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7DB6FC5-762A-4F16-AE8C-69330EFCF640\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70D81F1-8B12-4474-9060-B4934D8A3873\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5394DE31-3863-4CA9-B7B1-E5227183100D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"968390BC-B430-4903-B614-13104BFAE635\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7349D69B-D8FA-4462-AA28-69DD18A652D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4BB834-2C00-4384-A78E-AF3BCDDC58AF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CE49B45-F2E9-491D-9C29-1B46E9CE14E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFAD21E-59EE-4CCE-8F1E-621D2EA50905\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91231DC6-2773-4238-8C14-A346F213B5E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF88547-BAF4-47B0-9F60-80A30297FCEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02C3CE6D-BD54-48B1-A188-8E53DA001424\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"498991F7-39D6-428C-8C7D-DD8DC72A0346\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"113772B6-E9D2-4094-9468-3F4E1A87D07D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B90D36-5124-4669-8462-4EAF35B0F53D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C45A38D6-BED6-4FEF-AD87-A1E813695DE0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FC2B1F-232E-4754-8076-CC82F3648730\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F1127D2-12C0-454F-91EF-5EE334070D06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6EB963-E0F2-4A02-8765-AB2064BE19E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"785FD17C-F32E-4042-9DDE-A89B3AAE0334\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAAF99B-5406-4722-81FB-A91CBAC2DF41\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73DC1E93-561E-490C-AE0E-B02BAB9A7C8E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF467E2-4567-426E-8F48-39669E0F514C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63842B25-8C32-4988-BBBD-61E9CB09B4F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68EA1FEF-B6B6-49FE-A0A4-5387F76303F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D6DB7F-C025-4971-9615-73393ED61078\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4364ADB9-8162-451D-806A-B98924E6B2CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B53BCB42-ED61-4FCF-8068-CB467631C63C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"737C724A-B6CD-4FF7-96E0-EBBF645D660E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7067AEC7-DFC8-4437-9338-C5165D9A8F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E0371B-FDE2-473C-AA59-47E1269D050F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"489D11EC-5A18-4F32-BC7C-AC1FCEC27222\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D4CF15-B293-4403-A1A9-96AD3933BAEF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBCC1515-2DBE-4DF2-8E83-29A869170F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC5293E-F2B4-46DC-85DA-167EA323FCFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7282AAFF-ED18-4992-AC12-D953C35EC328\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA022E77-6557-4A33-9A3A-D028E2DB669A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"360409CC-4172-4878-A76B-EA1C1F8C7A79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8D5D5E2-B40B-475D-9EF3-8441016E37E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F59A4B-AE92-4533-8EDC-D1DD850309FF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492A2C86-DD38-466B-9965-77629A73814F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB7AA46-4018-4925-963E-719E1037F759\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B9D1E4-10B9-4B6F-B848-D93ABF6486D6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB270C45-756E-400A-979F-D07D750C881A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8A085C-2DBA-4269-AB01-B16019FBB4DA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79DD582-AF68-44F1-B640-766B46EF2BE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B04484DA-AA59-4833-916E-6A8C96D34F0D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768BE390-5ED5-48A7-9E80-C4DE8BA979B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07B5399-44C7-468D-9D57-BB5B5E26CE50\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2F709-AFBE-48EA-A3A2-DA1134534FB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76FB64F-16F0-4B0B-B304-B46258D434BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E02DC82-0D26-436F-BA64-73C958932B0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E128053-834B-4DD5-A517-D14B4FC2B56F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"163743A1-09E7-4EC5-8ECA-79E4B9CE173B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE340E4C-DC48-4FC8-921B-EE304DB5AE0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C367BBE0-D71F-4CB5-B50E-72B033E73FE1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E1D224-4751-4233-A127-A041068C804A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD31B075-01B1-429E-83F4-B999356A0EB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3284D16F-3275-4F8D-8AE4-D413DE19C4FA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/grpc/grpc/releases/tag/v1.59.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/13/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/node/pull/50121\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/golang/go/issues/63417\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/line/armeria/pull/5232\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/openresty/openresty/issues/930\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/apisix/issues/10320\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/13/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:08:27.383Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM APE1808\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-44487\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T20:34:21.334116Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-10-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\"], \"vendor\": \"ietf\", \"product\": \"http\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-10T00:00:00.000Z\", \"value\": \"CVE-2023-44487 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T18:31:22.372Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\"}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\"}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\"}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\"}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\"}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\"}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\"}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\"}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\"}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\"}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\"}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\"}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\"}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\"}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\"}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\"}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\"}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\"}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\"}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\"}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\"}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\"}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\"}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/7\", \"name\": \"[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/6\", \"name\": \"[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\"}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\"}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\"}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\"}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\"}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\"}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\"}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\"}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\"}, {\"url\": \"https://github.com/nodejs/node/pull/50121\"}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\"}, {\"url\": \"https://github.com/golang/go/issues/63417\"}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\"}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\"}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\"}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\"}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\"}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\"}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\"}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\"}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\"}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\"}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\"}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\"}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\"}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\"}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\"}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\"}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\"}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\"}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\"}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\"}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\"}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\"}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\"}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\"}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\"}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\"}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\"}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\"}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\"}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\"}, {\"url\": \"https://github.com/line/armeria/pull/5232\"}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\"}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\"}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\"}, {\"url\": \"https://github.com/openresty/openresty/issues/930\"}, {\"url\": \"https://github.com/apache/apisix/issues/10320\"}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\"}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\"}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\"}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\"}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\"}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\"}, {\"url\": \"https://github.com/grpc/grpc/releases/tag/v1.59.2\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-06-07T20:05:34.376Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-44487\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\", \"dateReserved\": \"2023-09-29T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-10-10T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2023:7488
Vulnerability from csaf_redhat - Published: 2023-11-24 16:57 - Updated: 2026-06-02 15:03Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.6 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.
Security Fix(es):
* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
28 references
Acknowledgments
Inverid
Willem Noort
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.6 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7488",
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=patches\u0026version=7.6",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=patches\u0026version=7.6"
},
{
"category": "external",
"summary": "2158910",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7488.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update",
"tracking": {
"current_release_date": "2026-06-02T15:03:54+00:00",
"generator": {
"date": "2026-06-02T15:03:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:7488",
"initial_release_date": "2023-11-24T16:57:47+00:00",
"revision_history": [
{
"date": "2023-11-24T16:57:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-24T16:57:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:03:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7",
"product": {
"name": "Red Hat Single Sign-On 7",
"product_id": "Red Hat Single Sign-On 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Willem Noort"
],
"organization": "Inverid",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-0105",
"cwe": {
"id": "CWE-841",
"name": "Improper Enforcement of Behavioral Workflow"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2158910"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: impersonation and lockout possible through incorrect handling of email trust",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0105"
},
{
"category": "external",
"summary": "RHBZ#2158910",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj",
"url": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj"
}
],
"release_date": "2023-01-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-24T16:57:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: impersonation and lockout possible through incorrect handling of email trust"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-24T16:57:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-24T16:57:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7488"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"Red Hat Single Sign-On 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7521
Vulnerability from csaf_redhat - Published: 2023-11-28 13:17 - Updated: 2026-06-25 07:59Summary
Red Hat Security Advisory: OpenShift Virtualization 4.13.6 RPMs security and bug fix update
Severity
Important
Notes
Topic: Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.13.6 RPMs.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* 4.13.6 rpms (BZ#2251683)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains OpenShift Virtualization 4.13.6 RPMs.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* 4.13.6 rpms (BZ#2251683)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7521",
"url": "https://access.redhat.com/errata/RHSA-2023:7521"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "2251683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251683"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7521.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.13.6 RPMs security and bug fix update",
"tracking": {
"current_release_date": "2026-06-25T07:59:07+00:00",
"generator": {
"date": "2026-06-25T07:59:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2023:7521",
"initial_release_date": "2023-11-28T13:17:06+00:00",
"revision_history": [
{
"date": "2023-11-28T13:17:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-28T13:17:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T07:59:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.13 for RHEL 9",
"product": {
"name": "CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.13::el9"
}
}
},
{
"category": "product_name",
"name": "CNV 4.13 for RHEL 7",
"product": {
"name": "CNV 4.13 for RHEL 7",
"product_id": "7Server-CNV-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.13::el7"
}
}
},
{
"category": "product_name",
"name": "CNV 4.13 for RHEL 8",
"product": {
"name": "CNV 4.13 for RHEL 8",
"product_id": "8Base-CNV-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-0:4.13.6-1596.el9.src",
"product": {
"name": "kubevirt-0:4.13.6-1596.el9.src",
"product_id": "kubevirt-0:4.13.6-1596.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.13.6-1596.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "kubevirt-0:4.13.6-1596.el7.src",
"product": {
"name": "kubevirt-0:4.13.6-1596.el7.src",
"product_id": "kubevirt-0:4.13.6-1596.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.13.6-1596.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "kubevirt-0:4.13.6-1596.el8.src",
"product": {
"name": "kubevirt-0:4.13.6-1596.el8.src",
"product_id": "kubevirt-0:4.13.6-1596.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.13.6-1596.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"product_id": "kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.13.6-1596.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.13.6-1596.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"product_id": "kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.13.6-1596.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.13.6-1596.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"product_id": "kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.13.6-1596.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.13.6-1596.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"product": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"product_id": "kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.13.6-1596.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"product_id": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.13.6-1596.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"product": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"product_id": "kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.13.6-1596.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"product_id": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.13.6-1596.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.13.6-1596.el7.src as a component of CNV 4.13 for RHEL 7",
"product_id": "7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src"
},
"product_reference": "kubevirt-0:4.13.6-1596.el7.src",
"relates_to_product_reference": "7Server-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el7.x86_64 as a component of CNV 4.13 for RHEL 7",
"product_id": "7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64 as a component of CNV 4.13 for RHEL 7",
"product_id": "7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.13.6-1596.el8.src as a component of CNV 4.13 for RHEL 8",
"product_id": "8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src"
},
"product_reference": "kubevirt-0:4.13.6-1596.el8.src",
"relates_to_product_reference": "8Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el8.aarch64 as a component of CNV 4.13 for RHEL 8",
"product_id": "8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64"
},
"product_reference": "kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"relates_to_product_reference": "8Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el8.x86_64 as a component of CNV 4.13 for RHEL 8",
"product_id": "8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64 as a component of CNV 4.13 for RHEL 8",
"product_id": "8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"relates_to_product_reference": "8Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64 as a component of CNV 4.13 for RHEL 8",
"product_id": "8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.13.6-1596.el9.src as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src"
},
"product_reference": "kubevirt-0:4.13.6-1596.el9.src",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el9.aarch64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64"
},
"product_reference": "kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.13.6-1596.el9.x86_64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64",
"relates_to_product_reference": "9Base-CNV-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-28T13:17:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7521"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-28T13:17:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7521"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.13:kubevirt-0:4.13.6-1596.el7.src",
"7Server-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el7.x86_64",
"7Server-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el7.x86_64",
"8Base-CNV-4.13:kubevirt-0:4.13.6-1596.el8.src",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el8.x86_64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.aarch64",
"8Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el8.x86_64",
"9Base-CNV-4.13:kubevirt-0:4.13.6-1596.el9.src",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-0:4.13.6-1596.el9.x86_64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.aarch64",
"9Base-CNV-4.13:kubevirt-virtctl-redistributable-0:4.13.6-1596.el9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7522
Vulnerability from csaf_redhat - Published: 2023-11-28 13:45 - Updated: 2026-06-25 07:59Summary
Red Hat Security Advisory: OpenShift Virtualization 4.13.6 security and bug fix update
Severity
Important
Notes
Topic: Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.13.6 images.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Virtual machine export is not working on Quota defined namespace (BZ#2236422)
* [4.13] Host assisted clone hangs because some provisioners don't allow mounting block PVC read only (BZ#2247666)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64 | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains OpenShift Virtualization 4.13.6 images.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Virtual machine export is not working on Quota defined namespace (BZ#2236422)\n\n* [4.13] Host assisted clone hangs because some provisioners don\u0027t allow mounting block PVC read only (BZ#2247666)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7522",
"url": "https://access.redhat.com/errata/RHSA-2023:7522"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2236422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236422"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "2247666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247666"
},
{
"category": "external",
"summary": "CNV-34788",
"url": "https://issues.redhat.com/browse/CNV-34788"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7522.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.13.6 security and bug fix update",
"tracking": {
"current_release_date": "2026-06-25T07:59:07+00:00",
"generator": {
"date": "2026-06-25T07:59:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2023:7522",
"initial_release_date": "2023-11-28T13:45:02+00:00",
"revision_history": [
{
"date": "2023-11-28T13:45:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-28T13:45:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T07:59:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.13 for RHEL 9",
"product": {
"name": "CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.13::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"product_id": "container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry-rhel9\u0026tag=v4.13.6.rhel9--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-operator-rhel9\u0026tag=v4.13.6-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"product_id": "container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"product": {
"name": "container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"product_id": "container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubesecondarydns-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"product_id": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"product_id": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-dpdk-checkup-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator-rhel9\u0026tag=v4.13.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"product_id": "container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"product": {
"name": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"product_id": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/multus-dynamic-networks-rhel9\u0026tag=v4.13.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"product": {
"name": "container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"product_id": "container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"product": {
"name": "container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"product_id": "container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"product": {
"name": "container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"product_id": "container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"product": {
"name": "container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"product_id": "container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"product": {
"name": "container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"product_id": "container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"product": {
"name": "container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"product_id": "container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"product_id": "container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"product": {
"name": "container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"product_id": "container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"product": {
"name": "container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"product_id": "container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-console-proxy-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64",
"product_id": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"product": {
"name": "container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"product_id": "container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"product_id": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"product_id": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry-rhel9\u0026tag=v4.13.6.rhel9--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"product_id": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-operator-rhel9\u0026tag=v4.13.6-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"product": {
"name": "container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"product_id": "container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"product": {
"name": "container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"product_id": "container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubesecondarydns-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"product_id": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"product_id": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-dpdk-checkup-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator-rhel9\u0026tag=v4.13.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"product_id": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"product": {
"name": "container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"product_id": "container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"product": {
"name": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"product_id": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/multus-dynamic-networks-rhel9\u0026tag=v4.13.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"product_id": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"product": {
"name": "container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"product_id": "container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"product_id": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"product_id": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"product_id": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"product_id": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"product_id": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"product_id": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"product": {
"name": "container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"product_id": "container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"product": {
"name": "container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"product_id": "container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"product": {
"name": "container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"product_id": "container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"product": {
"name": "container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"product_id": "container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"product": {
"name": "container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"product_id": "container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"product": {
"name": "container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"product_id": "container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"product": {
"name": "container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"product_id": "container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"product": {
"name": "container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"product_id": "container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-console-proxy-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"product_id": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0?arch=arm64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup-rhel9\u0026tag=v4.13.6--2023-123262"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64"
},
"product_reference": "container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64"
},
"product_reference": "container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64"
},
"product_reference": "container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64"
},
"product_reference": "container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64"
},
"product_reference": "container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64"
},
"product_reference": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64"
},
"product_reference": "container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64"
},
"product_reference": "container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64"
},
"product_reference": "container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64"
},
"product_reference": "container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64"
},
"product_reference": "container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64"
},
"product_reference": "container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64"
},
"product_reference": "container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64"
},
"product_reference": "container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64"
},
"product_reference": "container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64"
},
"product_reference": "container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64"
},
"product_reference": "container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64"
},
"product_reference": "container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64"
},
"product_reference": "container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64"
},
"product_reference": "container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64"
},
"product_reference": "container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64"
},
"product_reference": "container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64"
},
"product_reference": "container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64"
},
"product_reference": "container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"relates_to_product_reference": "9Base-CNV-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64 as a component of CNV 4.13 for RHEL 9",
"product_id": "9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64",
"relates_to_product_reference": "9Base-CNV-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64"
],
"known_not_affected": [
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-28T13:45:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7522"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64"
],
"known_not_affected": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-28T13:45:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7522"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:0e71d3c240537211edc18dfdfb3e5a3eca9f88a53ee3fd7d58dc18074644a69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:107d04e43edd1399d48742b8830dcba237809320a1fec8b4f68782b0efc2fd86_arm64",
"9Base-CNV-4.13:container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f559d2bdbd8487f726498d10f96a3951f0e44b7c063939cabfca16e74c35bd68_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:92c79fa3527d94798647e08d652d3efa3de951792938514d1c975216a9deb6b1_amd64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:01237c51aae3adceeea01460602c5bb900357444cae56ae0e22e99c818435692_arm64",
"9Base-CNV-4.13:container-native-virtualization/cnv-must-gather-rhel9@sha256:1fe01e810e8e7b6b86d60199113bd59ca65fe92f7619c9fb7e953ac6eef5d3e3_amd64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:1b696ba369b10f370f5e13d5cb86cacd34fae5406454e2f89a91708b34efd350_arm64",
"9Base-CNV-4.13:container-native-virtualization/hco-bundle-registry-rhel9@sha256:bd1138c5193f4141105fdf665bf60693631ee6edafa8688cd541534fb8b4da88_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:4d3b8bc4aebf94a9fd4247bca243e7a19e9bc7ddb0060f3020eaae90a4d3b554_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-csi-driver-rhel9@sha256:67a15301595b1552963b684a2bdcbabd0b7c9f64efea05a22f1defaeb802e000_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:46935d95ae6c7861756fee7c4026d7877d6991ae7d237aeade91694c98ececd6_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:91d2e6eb9652199683914aa039cb9e1df6f17f1c9a4c8bde03cb8dbf146cf66e_arm64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:9ebff9a91c3fb8018cafc2f47834375575921677a1dd30b5d4b8205a3fc9b08e_amd64",
"9Base-CNV-4.13:container-native-virtualization/hostpath-provisioner-rhel9@sha256:a66f5bdcf12014dc03a240fcdb800545c992b7f6b3fe8471b10431e98ab1abc9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:01630384f181e43217d435dcc0ae92e137bf976876690b68c442e59cc4b50d80_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:380f2d6a3b273717a130ff60531efbcbad5031b503d6be70e74f0dad77e61e48_amd64",
"9Base-CNV-4.13:container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:ab8e7f2fac2870e0ac55a6b22ecac1120db26f9203687588be13ad3e644835a3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubemacpool-rhel9@sha256:81e70858aab8bda6cc23788eab031ec38b00b45fb87a4358a98d11f511030396_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:a82f6e4ae5e2f3f26e81b5ed030a892c48165a69584cdb636bc281c2f63ab3f0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubesecondarydns-rhel9@sha256:c7f3ad8727cda85d27466ccba129d0835e2a40cd23a1104e5d688887144d0eac_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:44425d1d119a2f9cb64dfad35ef5699b246ac4373e13c3184db67e53c7de4c01_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5a053e4919a82d77a3b889ea0d67e2cb8fcdb3c0490eaaee2a2c6695ff7b8bc3_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:eb09be5eb5cc9c61ac72e16d868001911cb900cee4e0d4b33e0e1bf2121b8bd1_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:ebf7a7fccbcfde5a5e41789bc6674b956b24f9ea467b0b1a78c8e4edf3ef84b0_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:10505edee0e2e0deedb789149d5393da6a654dd509b01eaec0831fa687efdafd_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:29923097262e92e2ea605816ab5dc49a8e391da69443d874ddb79202b9af51cf_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:13618d47989e341d083ccfc8562031fa70c1b40c74962cbab719b2dd0816554d_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e6271542b1628a195ea3fbe5eaba8344d395c861c2ecfc71d1f031dd41aa79c_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:326c0ae083455c35ea6af7a7e81d4fe345fb0eeb9dfa141b32c53e9679cce929_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:ad8302605f2ad0bd58cdc6ccf3121cd5d626b4cda25fa879cf6baf340f60e5e1_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:8d70b6abac3ed0f2af3b2ce2017ca6a26619e2bbf57ffd91137448a3195d1061_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:d418e632cbce9b80986597698fec46298f5c4543d886b22b66b2d29367915456_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:eee2a83077e00faba6b8ae62dce61b2e03cb5a19a68a724b55b2ea70b709302d_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:18c1bba00e243364d013c4d113c0685a9d5097111a296c0c01883b5440d44e56_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:1969c2916efecbd6422f5e994dd6950295e87addfc82ab02fc7d336087ff7bd0_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:58432b96b2bd469584d3c5492a4bf2b932276ea4d32ce19f9fd123bc6c5a1d93_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:8e5b9f9ff73f7a8665bd463e4fe1c7a3672760c552ca52e5a81975a13ef20fa5_arm64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:c98f4ef7277902010d91f6a0c9dee0c1773e61a60754204fa6463ff92e1ded80_amd64",
"9Base-CNV-4.13:container-native-virtualization/kubevirt-template-validator-rhel9@sha256:f1e61b9acc97c059a5976ef1a1a88ece74ce2032726a86822bc376381ab67ad3_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:5baa2f7b1d1041ca38a51bc2afd7657a5e9ac485f1cc676cdbb4f1ab39782d04_arm64",
"9Base-CNV-4.13:container-native-virtualization/libguestfs-tools-rhel9@sha256:dfc089d7a360ce8741058710348f5bcd14d3644fb8f47616195e1ee25bf2d6c6_amd64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64",
"9Base-CNV-4.13:container-native-virtualization/multus-dynamic-networks-rhel9@sha256:f8294e9932f5bd8e6a5396c1cdd648c81e787788bdd30ac1a5701d383f222f4e_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0a2c2835ba5b828fb97e7645dd68f03a14c308a470e7147c6174d8d5ada11de0_amd64",
"9Base-CNV-4.13:container-native-virtualization/ovs-cni-plugin-rhel9@sha256:96d1fc0366532f53aeab7438d4805807964d79188ad240a116e891075aaa4512_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:10de7c74d019f1146ddb93943810037849a1132b4c4df61b5f4184c3ecf9e69c_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-api-rhel9@sha256:c169c2406713b935ef99db16ac25546c56c35407fbe2c9700b08a85310ad0fe6_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-artifacts-server-rhel9@sha256:905d1c79e6577e9e5dba896ca6b24914b8bdf203f84fb6d2107b8ffaeeb60de4_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d3a725b602d28a5fae21e03d629706baf0c171ecc7798cdb9fc2b82ca9e12474_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-cloner-rhel9@sha256:e214218ed2008370a3e17889780171890dbe21baec315d3b87903ad9d3c06ee3_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:071c30274715467149dbb835cdbca395d48e41b98bdaaff3a261fb82cd2bf471_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-controller-rhel9@sha256:292e78073b80e1559110c267a25dc3c5000f767046aea2c6d18f7a6bfdd2a3f6_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:8d3ac293847b9314980a9142645cb69c541263eea18efb85a1872a56a061d0f1_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-importer-rhel9@sha256:c0629b38e9cfea842fe0c1b2a90c9750b31242ac7a71ae51418068f69bb51424_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-operator-rhel9@sha256:fdbd6dc5be9638ffdbb1aef724d6a46ec2ba1beb6e16c089d4d05fb28aa4f794_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7a171c401dfeb5552805ac3b4038f0ef341ef7655e36e71897ab6e6682fa3bc5_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:7b21effa6d3e7e6852eda6df2bdb932f844278737c5926c7ec5645c2722786dc_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:74f7c60a7c34d8af32b082f02e7f7338efafe0792ba386b2703f05ac1a7c49c2_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8f7d079101239ef1071771bcb3122c51134b4fd06dab34a1ea6e8454492045c7_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:71a719d5eaa4db12b17f602bcf2d3231fcd9a47cc631153b44e8f22ce1e1f307_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-controller-rhel9@sha256:f40ccbed7cb8c6c488cae4c8e569789a508e4e9c490dba4e8aca667b7ae95853_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:716b79da2f6ce3e9ee19bd3a1e9932afcfbeb0395783c0de492da49e1f26fc5b_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:048303ba05b860b512848c5cfc9ca03c4106781a4d8aff9c3255b48af9391886_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-exportserver-rhel9@sha256:60a187ab354a59e5cb367e313e62a36ee6a674141ae04526d3e7a29152792d7e_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:28c43deef9f4b766bbcfdd97c3ace0945c12e446775ba842287bb633b4e9936d_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-handler-rhel9@sha256:dd73561b49637055dc43c0659f89f969bd45761993586bed9e19ef13e2479708_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:d8609dd0052664ee59e4bb91b3548ac589b487ca4ebcb91bda42ba52ff62b6db_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-launcher-rhel9@sha256:f9841e11df1c4a2eb6c5b90c6540ca3af8de2a5f6249fd2793e7f632e420f848_amd64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64",
"9Base-CNV-4.13:container-native-virtualization/virt-operator-rhel9@sha256:dfc42f4a3243e8533c62f6d8314b6878d8a8f10d46d5481537848b9187b5a4cd_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:b0ee06ec0f4764f15ab360c8915f4b4110073a9501f5901ce6acd0051df6e868_amd64",
"9Base-CNV-4.13:container-native-virtualization/virtio-win-rhel9@sha256:c38ad9283ef7dbddaa430538cd5ab694721b3d60c2115c019a5c49cf1b936649_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:1b53c2b30db706797bdb1c5d6f08e8e66e009eb87ee5c3ace6196e8940c6a43a_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:52aac6b150521d0aa2b7ac6627c75dab0e55e8aa96690afa2d8818ff3262faf0_arm64",
"9Base-CNV-4.13:container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ac207fe8bbbbeb066a604246da46bdec218aa90fef62e490c047cc60ab5b222f_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7555
Vulnerability from csaf_redhat - Published: 2023-11-28 18:50 - Updated: 2026-06-25 07:59Summary
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.0 security update
Severity
Important
Notes
Topic: OpenShift API for Data Protection (OADP) 1.3.0 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server's memory by sending many malicious requests, affecting the availability.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
References
57 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift API for Data Protection (OADP) 1.3.0 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7555",
"url": "https://access.redhat.com/errata/RHSA-2023:7555"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "2245180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245180"
},
{
"category": "external",
"summary": "OADP-1167",
"url": "https://issues.redhat.com/browse/OADP-1167"
},
{
"category": "external",
"summary": "OADP-2308",
"url": "https://issues.redhat.com/browse/OADP-2308"
},
{
"category": "external",
"summary": "OADP-2360",
"url": "https://issues.redhat.com/browse/OADP-2360"
},
{
"category": "external",
"summary": "OADP-2450",
"url": "https://issues.redhat.com/browse/OADP-2450"
},
{
"category": "external",
"summary": "OADP-2607",
"url": "https://issues.redhat.com/browse/OADP-2607"
},
{
"category": "external",
"summary": "OADP-2635",
"url": "https://issues.redhat.com/browse/OADP-2635"
},
{
"category": "external",
"summary": "OADP-2679",
"url": "https://issues.redhat.com/browse/OADP-2679"
},
{
"category": "external",
"summary": "OADP-2680",
"url": "https://issues.redhat.com/browse/OADP-2680"
},
{
"category": "external",
"summary": "OADP-2681",
"url": "https://issues.redhat.com/browse/OADP-2681"
},
{
"category": "external",
"summary": "OADP-2686",
"url": "https://issues.redhat.com/browse/OADP-2686"
},
{
"category": "external",
"summary": "OADP-2688",
"url": "https://issues.redhat.com/browse/OADP-2688"
},
{
"category": "external",
"summary": "OADP-2696",
"url": "https://issues.redhat.com/browse/OADP-2696"
},
{
"category": "external",
"summary": "OADP-2717",
"url": "https://issues.redhat.com/browse/OADP-2717"
},
{
"category": "external",
"summary": "OADP-2721",
"url": "https://issues.redhat.com/browse/OADP-2721"
},
{
"category": "external",
"summary": "OADP-2741",
"url": "https://issues.redhat.com/browse/OADP-2741"
},
{
"category": "external",
"summary": "OADP-2742",
"url": "https://issues.redhat.com/browse/OADP-2742"
},
{
"category": "external",
"summary": "OADP-2774",
"url": "https://issues.redhat.com/browse/OADP-2774"
},
{
"category": "external",
"summary": "OADP-2790",
"url": "https://issues.redhat.com/browse/OADP-2790"
},
{
"category": "external",
"summary": "OADP-2796",
"url": "https://issues.redhat.com/browse/OADP-2796"
},
{
"category": "external",
"summary": "OADP-2819",
"url": "https://issues.redhat.com/browse/OADP-2819"
},
{
"category": "external",
"summary": "OADP-2856",
"url": "https://issues.redhat.com/browse/OADP-2856"
},
{
"category": "external",
"summary": "OADP-2862",
"url": "https://issues.redhat.com/browse/OADP-2862"
},
{
"category": "external",
"summary": "OADP-2921",
"url": "https://issues.redhat.com/browse/OADP-2921"
},
{
"category": "external",
"summary": "OADP-2959",
"url": "https://issues.redhat.com/browse/OADP-2959"
},
{
"category": "external",
"summary": "OADP-2981",
"url": "https://issues.redhat.com/browse/OADP-2981"
},
{
"category": "external",
"summary": "OADP-2983",
"url": "https://issues.redhat.com/browse/OADP-2983"
},
{
"category": "external",
"summary": "OADP-3053",
"url": "https://issues.redhat.com/browse/OADP-3053"
},
{
"category": "external",
"summary": "OADP-3054",
"url": "https://issues.redhat.com/browse/OADP-3054"
},
{
"category": "external",
"summary": "OADP-446",
"url": "https://issues.redhat.com/browse/OADP-446"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7555.json"
}
],
"title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.0 security update",
"tracking": {
"current_release_date": "2026-06-25T07:59:07+00:00",
"generator": {
"date": "2026-06-25T07:59:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2023:7555",
"initial_release_date": "2023-11-28T18:50:01+00:00",
"revision_history": [
{
"date": "2023-11-28T18:50:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-28T18:50:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T07:59:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "9Base-OADP-1.3",
"product": {
"name": "9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.3.0-138"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"product_id": "oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.3.0-156"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"product_id": "oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.3.0-97"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"product_id": "oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.3.0-50"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.3.0-32"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel9\u0026tag=1.3.0-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.3.0-30"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.3.0-45"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.3.0-138"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"product_id": "oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.3.0-156"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"product_id": "oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.3.0-97"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"product_id": "oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.3.0-50"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.3.0-32"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel9\u0026tag=1.3.0-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.3.0-30"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.3.0-45"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.3.0-138"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"product_id": "oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.3.0-156"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"product_id": "oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.3.0-97"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"product_id": "oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.3.0-50"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.3.0-32"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel9\u0026tag=1.3.0-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.3.0-30"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.3.0-45"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.3.0-138"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"product_id": "oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.3.0-156"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"product_id": "oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.3.0-97"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le",
"product_id": "oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.3.0-50"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.3.0-32"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel9\u0026tag=1.3.0-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.3.0-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.3.0-30"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.3.0-45"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64 as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"relates_to_product_reference": "9Base-OADP-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le as a component of 9Base-OADP-1.3",
"product_id": "9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
],
"known_not_affected": [
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-28T18:50:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7555"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-28T18:50:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7555"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"cve": "CVE-2023-45142",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2245180"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server\u0027s memory by sending many malicious requests, affecting the availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "opentelemetry: DoS vulnerability in otelhttp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While no authentication is required, there are a significant number of non-default factors which prevent widespread exploitation of this flaw. For a service to be affected, all of the following must be true:\n* The go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp package must be in use\n* Configured a metrics pipeline which uses the otelhttp.NewHandler wrapper function\n* No filtering of unknown HTTP methods or user agents at a higher level (such as Content Delivery Network/Load Balancer/etc...)\n\nDue to the limited attack surface, Red Hat Product Security rates the impact as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
],
"known_not_affected": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "RHBZ#2245180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45142"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr",
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-28T18:50:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7555"
},
{
"category": "workaround",
"details": "As a workaround to stop being affected otelhttp.WithFilter() can be used.\n\nFor convenience and safe usage of this library, it should by default mark with the label unknown non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.\n\nThe other possibility is to disable HTTP metrics instrumentation by passing otelhttp.WithMeterProvider option with noop.NewMeterProvider.",
"product_ids": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:5b149e2f215085f5b969bde093fcac250682d48ccd2d1e671d55e945e02c5c24_arm64",
"9Base-OADP-1.3:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:474ed76e1544436e6708c029329f4cebc72efdcfb2e2df751c3cd917224a8e4a_arm64",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:71ae5ff534f4f67cf99dedc3c21b247a3e88749fad856249e7ad746518671667_ppc64le",
"9Base-OADP-1.3:oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:27778b1cea8867d0e5a1dd400fa4e605161fbaf7fa1e9eeacd63522bfd1cf5d6_ppc64le",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:3059a1db6a7041bad8c656287d8fcafc478ac15656fe95d030e9bafa967e8d9a_s390x",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64",
"9Base-OADP-1.3:oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:063111faad5ce211e11c5eb2d61559d0b9a89178cdf86377e38599e7232d55d2_s390x",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:a4995bf30e14bcc454a978199f4b6b9fbdcb5668dd80ebaa05cd8b4d64486856_amd64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64",
"9Base-OADP-1.3:oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:24a009a20c555e5da425a4127ac944907db6a70e733bfd7d4009406430d2e615_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:a355c4029f781a38c9d0878fcfae79191751aafe63a88d0f7b00df66520fac6c_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:be8c3101ff144d717007d7871457df69e1158c993c8b4fe5deac7294b939e3ee_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:0e82ac7f8380539bbc82507e7ef55d9a97d79eaeb8c3c0ada81e6dddd29b19eb_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:2a9f38ceaf22ef7d06a072b6a590a63ad7169f9e5936ca81236723cae5f679e5_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-csi-rhel9@sha256:857e46130a3b0be6d76d45531518e44e59d3a10cfe635fd602b1e28c1d9f5ee8_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:5d7cb76f4424c2208d9aee8368b960137d69d173caf88c1c5c63b1880374550b_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d8772fc1fb3f4597dc0e0c0de6986cd0954a61ae67830d01a1e3e7ecfef0fb22_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:f950bddfb84693a35c98df847c1ccf486a4c480207f50b6836b0d0da1cce9e05_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:01918f08d522dcf429dfbdab99dfc0c57aa84a5073b084c5f83b6ab6dca805c3_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:bcc35ddbe11badbbf7fc900dbe53bd2ef3f51d867c5a64f59b7d43d1c5e801a6_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-plugin-rhel9@sha256:befbf80f9941cb94914184c8459853b9575a795d39d827c40593de06a67bc6a0_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:0a37b41f0311547a307509c968071bf6449e48c42e8cdf2544e4378ac7359903_ppc64le",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:61f301f44a2b26dd73897046cdd9e511eaee0f026092aeb8c2b0c57a4cf3fb59_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:a47a609eb3c1a6f881592a3c080a413541c4682d60993c33f944f690095e99c7_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:e76d891b2cd11cbc1e7f033e3ec03e560759785d6cac10b07899413e4ebd4393_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:197a2a9ccf5939ffc38a2e81868ccddd908a79f713f72c06e56bcb34c7dd0ca7_arm64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:492ce9081642ee43dd2de20b68f48c687bab9b23efcb6a77648f9a341687a818_s390x",
"9Base-OADP-1.3:oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "opentelemetry: DoS vulnerability in otelhttp"
}
]
}
RHSA-2023:7587
Vulnerability from csaf_redhat - Published: 2023-11-29 18:13 - Updated: 2026-06-02 15:03Summary
Red Hat Security Advisory: Updated IBM Business Automation Manager Open Editions 8.0.4 SP1 Images
Severity
Important
Notes
Topic: An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform.
Details: IBM Business Automation Manager Open Editions is an open source business process management suite that combines process management and decision service management. It enables business and IT users to create, manage, validate, and deploy process applications and decision services.
IBM Business Automation Manager Open Editions images have been provided for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) and for on-premise or private-cloud deployments.
This release updates the IBM Business Automation Manager Open Editions images to 8.0.4.
This release includes security fixes.
Security Fix(es):
* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* Quarkus: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* EAP XP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* EAP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* businessautomation-operator: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform.",
"title": "Topic"
},
{
"category": "general",
"text": "IBM Business Automation Manager Open Editions is an open source business process management suite that combines process management and decision service management. It enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nIBM Business Automation Manager Open Editions images have been provided for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) and for on-premise or private-cloud deployments.\n\nThis release updates the IBM Business Automation Manager Open Editions images to 8.0.4.\n\nThis release includes security fixes.\n\nSecurity Fix(es):\n\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* Quarkus: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* EAP XP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* EAP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* businessautomation-operator: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7587",
"url": "https://access.redhat.com/errata/RHSA-2023:7587"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHPAM-4816",
"url": "https://issues.redhat.com/browse/RHPAM-4816"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7587.json"
}
],
"title": "Red Hat Security Advisory: Updated IBM Business Automation Manager Open Editions 8.0.4 SP1 Images",
"tracking": {
"current_release_date": "2026-06-02T15:03:55+00:00",
"generator": {
"date": "2026-06-02T15:03:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:7587",
"initial_release_date": "2023-11-29T18:13:51+00:00",
"revision_history": [
{
"date": "2023-11-29T18:13:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-29T18:13:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:03:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Middleware Containers for OpenShift",
"product": {
"name": "Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"product": {
"name": "ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"product_id": "ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-businesscentral-monitoring-rhel8\u0026tag=8.0.4-4"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"product": {
"name": "ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"product_id": "ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-businesscentral-rhel8\u0026tag=8.0.4-4"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"product": {
"name": "ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"product_id": "ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-controller-rhel8\u0026tag=8.0.4-4"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"product": {
"name": "ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"product_id": "ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-dashbuilder-rhel8\u0026tag=8.0.4-4"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"product": {
"name": "ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"product_id": "ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kieserver-rhel8\u0026tag=8.0.4-4"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"product": {
"name": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"product_id": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-builder-rhel8\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"product": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"product_id": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-rhel8-operator-bundle\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"product": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"product_id": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-rhel8-operator\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"product": {
"name": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"product_id": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"product": {
"name": "ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"product_id": "ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"product": {
"name": "ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"product_id": "ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-operator-bundle\u0026tag=8.0.4-6"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"product": {
"name": "ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"product_id": "ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-process-migration-rhel8\u0026tag=8.0.4-4"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"product": {
"name": "ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"product_id": "ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-rhel8-operator\u0026tag=8.0.4-4"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64",
"product": {
"name": "ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64",
"product_id": "ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442?arch=amd64\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-smartrouter-rhel8\u0026tag=8.0.4-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"product": {
"name": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"product_id": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047?arch=ppc64le\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-builder-rhel8\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"product": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"product_id": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8?arch=ppc64le\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-rhel8-operator-bundle\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"product": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"product_id": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b?arch=ppc64le\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-rhel8-operator\u0026tag=8.0.4-3"
}
}
},
{
"category": "product_version",
"name": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"product": {
"name": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"product_id": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf?arch=ppc64le\u0026repository_url=registry.redhat.io/ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8\u0026tag=8.0.4-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64"
},
"product_reference": "ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64"
},
"product_reference": "ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64"
},
"product_reference": "ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64"
},
"product_reference": "ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64"
},
"product_reference": "ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64"
},
"product_reference": "ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le"
},
"product_reference": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64"
},
"product_reference": "ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64"
},
"product_reference": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le"
},
"product_reference": "ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le"
},
"product_reference": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64"
},
"product_reference": "ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le"
},
"product_reference": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64"
},
"product_reference": "ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64"
},
"product_reference": "ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64"
},
"product_reference": "ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64"
},
"product_reference": "ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64"
},
"product_reference": "ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-29T18:13:51+00:00",
"details": "Updated IBM Business Automation Manager Open Editions 8.0.4 OpenShift images can be found in the Red Hat Container Catalog.",
"product_ids": [
"8Base-RHOSE-Middleware:ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7587"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSE-Middleware:ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:ibm-bamoe-tech-preview/bamoe-kogito-runtime-native-rhel8@sha256:db4267235a69729c0cdc7a8af7d84afeeea6b1cda81e2c9411d5307f11c45bde_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-monitoring-rhel8@sha256:72999c6bcd08c26d15813fa4a813749f1349cafeb7d155ecf262e6cbdf6a0b33_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-businesscentral-rhel8@sha256:bdb79faae81c9624759b0b7acb9825004e377ac5186fefa4be3393c21f41a869_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-controller-rhel8@sha256:4257937e0e3fe3c0dc7b150fb111738c3bf8416781fe15f7245a0b2f9dc604c9_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-dashbuilder-rhel8@sha256:f0efba2fc020c17063ade1ab8860c1f63a6bba74228587ad6c0582001249e6cc_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kieserver-rhel8@sha256:a02e0a493f8651a31614dc30a3e803df08c9563e9f5da21a9710a7d010dfca2f_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:53a848ec0126dd74180697bd76d83f02151ce08dcb1ddda59a4b2ebdcae44047_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-builder-rhel8@sha256:b212e8d2ee392c732960889369d51c885f5eabd9f76a586189e75d8e54fa12ed_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:331ca81863339a0b8d52f127e860209ac3be2cf05fb4d26f3162eb3ee81f605c_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator-bundle@sha256:86854b56abee2f78540bd5c3dae1d874ed0281fb756d3d06faa17cb9386b55b8_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:1f2f53c48f1d8e997b0a8ec314405ac90126e710cc2f25d4362c250499cc927b_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-rhel8-operator@sha256:f883b2a9cfb1516222e86f3994a7560233f1b96ae25d0421922bfcfe6935fa16_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:1a3a50a1af4d78bc70a9c11a42f059bd372454ce84913c3b78021180ec4d0bdf_ppc64le",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-kogito-runtime-jvm-rhel8@sha256:db94353ed91569bacb79c0f434deff478e01469671ef3af6804940cef31c7492_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-operator-bundle@sha256:f4d8d5f8bde0fdd607b889da98e039610f306f45e05074435db0e00d4c62785e_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-process-migration-rhel8@sha256:fdfeda38dd932c4aa9f63b4f5e758b823eb079c90f068a482f92c4aa8e880664_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-rhel8-operator@sha256:76a66069057cc21cc1476e0b20defaf78178343c8c16de5b5af7c5d3be846474_amd64",
"8Base-RHOSE-Middleware:ibm-bamoe/bamoe-smartrouter-rhel8@sha256:90dae7252e3c285e1b1d318dd0831f851a7be4608b8f8b82384c7236049b6442_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7610
Vulnerability from csaf_redhat - Published: 2023-12-06 18:17 - Updated: 2026-06-02 15:03Summary
Red Hat Security Advisory: OpenShift Container Platform 4.12.45 packages and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.45. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:7608
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
156 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
167 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64 | — |
Threats
Impact
Moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.45. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:7608\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7610",
"url": "https://access.redhat.com/errata/RHSA-2023:7610"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "2246310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7610.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.12.45 packages and security update",
"tracking": {
"current_release_date": "2026-06-02T15:03:55+00:00",
"generator": {
"date": "2026-06-02T15:03:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:7610",
"initial_release_date": "2023-12-06T18:17:51+00:00",
"revision_history": [
{
"date": "2023-12-06T18:17:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-06T18:17:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:03:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12::el8"
}
}
},
{
"category": "product_name",
"name": "Ironic content for Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Ironic content for Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-IRONIC-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ironic:4.12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"product": {
"name": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"product_id": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"product": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"product_id": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.25.5-2.rhaos4.12.git0217273.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"product_id": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-372.82.1.el8_6.src",
"product": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.src",
"product_id": "kernel-0:4.18.0-372.82.1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-372.82.1.el8_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"product": {
"name": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"product_id": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.82.1.rt7.241.el8_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-werkzeug-0:2.0.3-5.el9.src",
"product": {
"name": "python-werkzeug-0:2.0.3-5.el9.src",
"product_id": "python-werkzeug-0:2.0.3-5.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-werkzeug@2.0.3-5.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"product_id": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product_id": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.25.5-2.rhaos4.12.git0217273.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.25.5-2.rhaos4.12.git0217273.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.25.5-2.rhaos4.12.git0217273.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-core@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-devel@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-ipaclones-internal@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "perf-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "perf-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_id": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-372.82.1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-internal@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-internal@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-selftests-internal@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-372.82.1.rt7.241.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product_id": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.25.5-2.rhaos4.12.git0217273.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product_id": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.25.5-2.rhaos4.12.git0217273.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product_id": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.25.5-2.rhaos4.12.git0217273.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-core@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-devel@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "perf-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "perf-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo-common-aarch64@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_id": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-372.82.1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product_id": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.25.5-2.rhaos4.12.git0217273.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.25.5-2.rhaos4.12.git0217273.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.25.5-2.rhaos4.12.git0217273.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-core@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-devel@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-ipaclones-internal@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo-common-ppc64le@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_id": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-372.82.1.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product_id": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.25.5-2.rhaos4.12.git0217273.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product_id": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.25.5-2.rhaos4.12.git0217273.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.25.5-2.rhaos4.12.git0217273.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"product": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"product_id": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-core@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-devel@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-zfcpdump@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-zfcpdump-core@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-zfcpdump-devel@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-zfcpdump-modules@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-extra@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-internal@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "perf-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "perf-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo-common-s390x@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-zfcpdump-debuginfo@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_id": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-372.82.1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"product": {
"name": "kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"product_id": "kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-doc@4.18.0-372.82.1.el8_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-werkzeug-0:2.0.3-5.el9.noarch",
"product": {
"name": "python3-werkzeug-0:2.0.3-5.el9.noarch",
"product_id": "python3-werkzeug-0:2.0.3-5.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-werkzeug@2.0.3-5.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64"
},
"product_reference": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le"
},
"product_reference": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x"
},
"product_reference": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src"
},
"product_reference": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64"
},
"product_reference": "cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64"
},
"product_reference": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64"
},
"product_reference": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.src as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src"
},
"product_reference": "kernel-0:4.18.0-372.82.1.el8_6.src",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-core-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-doc-0:4.18.0-372.82.1.el8_6.noarch as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch"
},
"product_reference": "kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src"
},
"product_reference": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64"
},
"product_reference": "kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "perf-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "perf-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "perf-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64"
},
"product_reference": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le"
},
"product_reference": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x"
},
"product_reference": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64"
},
"product_reference": "python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src"
},
"product_reference": "openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64"
},
"product_reference": "openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-werkzeug-0:2.0.3-5.el9.src as a component of Ironic content for Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src"
},
"product_reference": "python-werkzeug-0:2.0.3-5.el9.src",
"relates_to_product_reference": "9Base-RHOSE-IRONIC-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-werkzeug-0:2.0.3-5.el9.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.12",
"product_id": "9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
},
"product_reference": "python3-werkzeug-0:2.0.3-5.el9.noarch",
"relates_to_product_reference": "9Base-RHOSE-IRONIC-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src",
"9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src",
"9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T18:17:51+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html",
"product_ids": [
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7610"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src",
"9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src",
"9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"cve": "CVE-2023-46136",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2023-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246310"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-werkzeug: high resource consumption leading to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability found in python-werkzeug, which lets attackers carry out denial of service attacks by using carefully crafted multipart data, is considered a moderate issue because it could affect system resources and availability. When this vulnerability is exploited, it can cause the CPU to work excessively hard because the parsing mechanism keeps adding data chunks to an internal buffer without checking boundaries properly. This can result in legitimate requests being delayed or denied as worker processes get overloaded, affecting how well the web application performs and responds. While this problem doesn\u2019t directly compromise data integrity or confidentiality, exploiting it can disrupt the availability of the service, which is why it\u2019s seen as a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src",
"9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
],
"known_not_affected": [
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46136"
},
{
"category": "external",
"summary": "RHBZ#2246310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46136"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2",
"url": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw",
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw"
}
],
"release_date": "2023-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T18:17:51+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html",
"product_ids": [
"9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src",
"9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7610"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:bpftool-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.src",
"8Base-RHOSE-4.12:cri-o-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debuginfo-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.aarch64",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.ppc64le",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.s390x",
"8Base-RHOSE-4.12:cri-o-debugsource-0:1.25.5-2.rhaos4.12.git0217273.el8.x86_64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.src",
"8Base-RHOSE-4.12:kernel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-core-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debug-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-aarch64-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-debuginfo-common-ppc64le-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-debuginfo-common-s390x-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-debuginfo-common-x86_64-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-doc-0:4.18.0-372.82.1.el8_6.noarch",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-ipaclones-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-extra-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-modules-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.src",
"8Base-RHOSE-4.12:kernel-rt-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-core-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debug-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-devel-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-kvm-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-extra-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-modules-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-rt-selftests-internal-0:4.18.0-372.82.1.rt7.241.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-selftests-internal-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-tools-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:kernel-tools-libs-devel-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:kernel-zfcpdump-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-core-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-devel-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-extra-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:kernel-zfcpdump-modules-internal-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.src",
"8Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.s390x",
"8Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-0:4.18.0-372.82.1.el8_6.x86_64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.aarch64",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.ppc64le",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.s390x",
"8Base-RHOSE-4.12:python3-perf-debuginfo-0:4.18.0-372.82.1.el8_6.x86_64",
"9Base-RHOSE-4.12:openshift-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.src",
"9Base-RHOSE-4.12:openshift-clients-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-clients-redistributable-0:4.12.0-202311221849.p0.gd2ac7e1.assembly.stream.el9.x86_64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.aarch64",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.ppc64le",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.s390x",
"9Base-RHOSE-4.12:openshift-hyperkube-0:4.12.0-202311161331.p0.ga52e8df.assembly.stream.el9.x86_64",
"9Base-RHOSE-IRONIC-4.12:python-werkzeug-0:2.0.3-5.el9.src",
"9Base-RHOSE-IRONIC-4.12:python3-werkzeug-0:2.0.3-5.el9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-werkzeug: high resource consumption leading to denial of service"
}
]
}
RHSA-2023:7637
Vulnerability from csaf_redhat - Published: 2023-12-04 18:01 - Updated: 2026-06-10 08:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.
See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)
* guava: insecure temporary directory creation (CVE-2023-2976)
* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Workaround
|
Threats
Impact
Moderate
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
6.8 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Known not affected
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Threats
Impact
Moderate
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
80 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Known not affected
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Threats
Impact
Moderate
A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.
4.3 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Known not affected
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Threats
Impact
Moderate
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
77 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.\n\nSee the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7637",
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "JBEAP-25004",
"url": "https://issues.redhat.com/browse/JBEAP-25004"
},
{
"category": "external",
"summary": "JBEAP-25085",
"url": "https://issues.redhat.com/browse/JBEAP-25085"
},
{
"category": "external",
"summary": "JBEAP-25086",
"url": "https://issues.redhat.com/browse/JBEAP-25086"
},
{
"category": "external",
"summary": "JBEAP-25378",
"url": "https://issues.redhat.com/browse/JBEAP-25378"
},
{
"category": "external",
"summary": "JBEAP-25380",
"url": "https://issues.redhat.com/browse/JBEAP-25380"
},
{
"category": "external",
"summary": "JBEAP-25419",
"url": "https://issues.redhat.com/browse/JBEAP-25419"
},
{
"category": "external",
"summary": "JBEAP-25451",
"url": "https://issues.redhat.com/browse/JBEAP-25451"
},
{
"category": "external",
"summary": "JBEAP-25457",
"url": "https://issues.redhat.com/browse/JBEAP-25457"
},
{
"category": "external",
"summary": "JBEAP-25541",
"url": "https://issues.redhat.com/browse/JBEAP-25541"
},
{
"category": "external",
"summary": "JBEAP-25547",
"url": "https://issues.redhat.com/browse/JBEAP-25547"
},
{
"category": "external",
"summary": "JBEAP-25576",
"url": "https://issues.redhat.com/browse/JBEAP-25576"
},
{
"category": "external",
"summary": "JBEAP-25594",
"url": "https://issues.redhat.com/browse/JBEAP-25594"
},
{
"category": "external",
"summary": "JBEAP-25627",
"url": "https://issues.redhat.com/browse/JBEAP-25627"
},
{
"category": "external",
"summary": "JBEAP-25657",
"url": "https://issues.redhat.com/browse/JBEAP-25657"
},
{
"category": "external",
"summary": "JBEAP-25685",
"url": "https://issues.redhat.com/browse/JBEAP-25685"
},
{
"category": "external",
"summary": "JBEAP-25700",
"url": "https://issues.redhat.com/browse/JBEAP-25700"
},
{
"category": "external",
"summary": "JBEAP-25716",
"url": "https://issues.redhat.com/browse/JBEAP-25716"
},
{
"category": "external",
"summary": "JBEAP-25726",
"url": "https://issues.redhat.com/browse/JBEAP-25726"
},
{
"category": "external",
"summary": "JBEAP-25772",
"url": "https://issues.redhat.com/browse/JBEAP-25772"
},
{
"category": "external",
"summary": "JBEAP-25779",
"url": "https://issues.redhat.com/browse/JBEAP-25779"
},
{
"category": "external",
"summary": "JBEAP-25803",
"url": "https://issues.redhat.com/browse/JBEAP-25803"
},
{
"category": "external",
"summary": "JBEAP-25838",
"url": "https://issues.redhat.com/browse/JBEAP-25838"
},
{
"category": "external",
"summary": "JBEAP-26041",
"url": "https://issues.redhat.com/browse/JBEAP-26041"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7637.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-06-10T08:36:52+00:00",
"generator": {
"date": "2026-06-10T08:36:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:7637",
"initial_release_date": "2023-12-04T18:01:18+00:00",
"revision_history": [
{
"date": "2023-12-04T18:01:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-04T18:01:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:36:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
"product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.14-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava@32.1.1-2.jre_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-33.Final_redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-33.Final_redhat_00032.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-4503",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2022-11-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184751"
}
],
"notes": [
{
"category": "description",
"text": "An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eap-galleon: custom provisioning creates unsecured http-invoker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4503"
},
{
"category": "external",
"summary": "RHBZ#2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4503"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eap-galleon: custom provisioning creates unsecured http-invoker"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-35887",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-09-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-mina-sshd: information exposure in SFTP server implementations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35887"
},
{
"category": "external",
"summary": "RHBZ#2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
}
],
"release_date": "2023-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-mina-sshd: information exposure in SFTP server implementations"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7638
Vulnerability from csaf_redhat - Published: 2023-12-04 18:02 - Updated: 2026-06-10 08:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.
See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)
* guava: insecure temporary directory creation (CVE-2023-2976)
* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Workaround
|
Threats
Impact
Moderate
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
6.8 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Known not affected
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Threats
Impact
Moderate
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
2 products
Known not affected
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
81 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
Known not affected
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Threats
Impact
Moderate
A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.
4.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
Known not affected
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Threats
Impact
Moderate
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — | ||
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
77 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.\n\nSee the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7638",
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "JBEAP-25004",
"url": "https://issues.redhat.com/browse/JBEAP-25004"
},
{
"category": "external",
"summary": "JBEAP-25085",
"url": "https://issues.redhat.com/browse/JBEAP-25085"
},
{
"category": "external",
"summary": "JBEAP-25086",
"url": "https://issues.redhat.com/browse/JBEAP-25086"
},
{
"category": "external",
"summary": "JBEAP-25378",
"url": "https://issues.redhat.com/browse/JBEAP-25378"
},
{
"category": "external",
"summary": "JBEAP-25380",
"url": "https://issues.redhat.com/browse/JBEAP-25380"
},
{
"category": "external",
"summary": "JBEAP-25419",
"url": "https://issues.redhat.com/browse/JBEAP-25419"
},
{
"category": "external",
"summary": "JBEAP-25451",
"url": "https://issues.redhat.com/browse/JBEAP-25451"
},
{
"category": "external",
"summary": "JBEAP-25457",
"url": "https://issues.redhat.com/browse/JBEAP-25457"
},
{
"category": "external",
"summary": "JBEAP-25541",
"url": "https://issues.redhat.com/browse/JBEAP-25541"
},
{
"category": "external",
"summary": "JBEAP-25547",
"url": "https://issues.redhat.com/browse/JBEAP-25547"
},
{
"category": "external",
"summary": "JBEAP-25576",
"url": "https://issues.redhat.com/browse/JBEAP-25576"
},
{
"category": "external",
"summary": "JBEAP-25594",
"url": "https://issues.redhat.com/browse/JBEAP-25594"
},
{
"category": "external",
"summary": "JBEAP-25627",
"url": "https://issues.redhat.com/browse/JBEAP-25627"
},
{
"category": "external",
"summary": "JBEAP-25657",
"url": "https://issues.redhat.com/browse/JBEAP-25657"
},
{
"category": "external",
"summary": "JBEAP-25685",
"url": "https://issues.redhat.com/browse/JBEAP-25685"
},
{
"category": "external",
"summary": "JBEAP-25700",
"url": "https://issues.redhat.com/browse/JBEAP-25700"
},
{
"category": "external",
"summary": "JBEAP-25716",
"url": "https://issues.redhat.com/browse/JBEAP-25716"
},
{
"category": "external",
"summary": "JBEAP-25726",
"url": "https://issues.redhat.com/browse/JBEAP-25726"
},
{
"category": "external",
"summary": "JBEAP-25772",
"url": "https://issues.redhat.com/browse/JBEAP-25772"
},
{
"category": "external",
"summary": "JBEAP-25779",
"url": "https://issues.redhat.com/browse/JBEAP-25779"
},
{
"category": "external",
"summary": "JBEAP-25803",
"url": "https://issues.redhat.com/browse/JBEAP-25803"
},
{
"category": "external",
"summary": "JBEAP-25838",
"url": "https://issues.redhat.com/browse/JBEAP-25838"
},
{
"category": "external",
"summary": "JBEAP-26041",
"url": "https://issues.redhat.com/browse/JBEAP-26041"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7638.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update",
"tracking": {
"current_release_date": "2026-06-10T08:36:52+00:00",
"generator": {
"date": "2026-06-10T08:36:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:7638",
"initial_release_date": "2023-12-04T18:02:31+00:00",
"revision_history": [
{
"date": "2023-12-04T18:02:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-04T18:02:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:36:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
"product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.14-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava@32.1.1-2.jre_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-33.Final_redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-33.Final_redhat_00032.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-4503",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2022-11-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184751"
}
],
"notes": [
{
"category": "description",
"text": "An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eap-galleon: custom provisioning creates unsecured http-invoker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4503"
},
{
"category": "external",
"summary": "RHBZ#2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4503"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eap-galleon: custom provisioning creates unsecured http-invoker"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-35887",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-09-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-mina-sshd: information exposure in SFTP server implementations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35887"
},
{
"category": "external",
"summary": "RHBZ#2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
}
],
"release_date": "2023-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-mina-sshd: information exposure in SFTP server implementations"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7639
Vulnerability from csaf_redhat - Published: 2023-12-04 18:00 - Updated: 2026-06-10 08:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.
See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)
* guava: insecure temporary directory creation (CVE-2023-2976)
* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
76 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Workaround
|
Threats
Impact
Moderate
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
6.8 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
Known not affected
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Threats
Impact
Moderate
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
2 products
Known not affected
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
Known not affected
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Threats
Impact
Moderate
A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.
4.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
Known not affected
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Threats
Impact
Moderate
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — | ||
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
77 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.\n\nSee the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7639",
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "JBEAP-25004",
"url": "https://issues.redhat.com/browse/JBEAP-25004"
},
{
"category": "external",
"summary": "JBEAP-25085",
"url": "https://issues.redhat.com/browse/JBEAP-25085"
},
{
"category": "external",
"summary": "JBEAP-25086",
"url": "https://issues.redhat.com/browse/JBEAP-25086"
},
{
"category": "external",
"summary": "JBEAP-25378",
"url": "https://issues.redhat.com/browse/JBEAP-25378"
},
{
"category": "external",
"summary": "JBEAP-25380",
"url": "https://issues.redhat.com/browse/JBEAP-25380"
},
{
"category": "external",
"summary": "JBEAP-25419",
"url": "https://issues.redhat.com/browse/JBEAP-25419"
},
{
"category": "external",
"summary": "JBEAP-25451",
"url": "https://issues.redhat.com/browse/JBEAP-25451"
},
{
"category": "external",
"summary": "JBEAP-25457",
"url": "https://issues.redhat.com/browse/JBEAP-25457"
},
{
"category": "external",
"summary": "JBEAP-25541",
"url": "https://issues.redhat.com/browse/JBEAP-25541"
},
{
"category": "external",
"summary": "JBEAP-25547",
"url": "https://issues.redhat.com/browse/JBEAP-25547"
},
{
"category": "external",
"summary": "JBEAP-25576",
"url": "https://issues.redhat.com/browse/JBEAP-25576"
},
{
"category": "external",
"summary": "JBEAP-25594",
"url": "https://issues.redhat.com/browse/JBEAP-25594"
},
{
"category": "external",
"summary": "JBEAP-25627",
"url": "https://issues.redhat.com/browse/JBEAP-25627"
},
{
"category": "external",
"summary": "JBEAP-25657",
"url": "https://issues.redhat.com/browse/JBEAP-25657"
},
{
"category": "external",
"summary": "JBEAP-25685",
"url": "https://issues.redhat.com/browse/JBEAP-25685"
},
{
"category": "external",
"summary": "JBEAP-25700",
"url": "https://issues.redhat.com/browse/JBEAP-25700"
},
{
"category": "external",
"summary": "JBEAP-25716",
"url": "https://issues.redhat.com/browse/JBEAP-25716"
},
{
"category": "external",
"summary": "JBEAP-25726",
"url": "https://issues.redhat.com/browse/JBEAP-25726"
},
{
"category": "external",
"summary": "JBEAP-25772",
"url": "https://issues.redhat.com/browse/JBEAP-25772"
},
{
"category": "external",
"summary": "JBEAP-25779",
"url": "https://issues.redhat.com/browse/JBEAP-25779"
},
{
"category": "external",
"summary": "JBEAP-25803",
"url": "https://issues.redhat.com/browse/JBEAP-25803"
},
{
"category": "external",
"summary": "JBEAP-25838",
"url": "https://issues.redhat.com/browse/JBEAP-25838"
},
{
"category": "external",
"summary": "JBEAP-26041",
"url": "https://issues.redhat.com/browse/JBEAP-26041"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7639.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update",
"tracking": {
"current_release_date": "2026-06-10T08:36:55+00:00",
"generator": {
"date": "2026-06-10T08:36:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:7639",
"initial_release_date": "2023-12-04T18:00:03+00:00",
"revision_history": [
{
"date": "2023-12-04T18:00:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-04T18:00:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:36:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src",
"product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.14-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.32-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.32-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-17.redhat_00051.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava@32.1.1-2.jre_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.1.10-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.1.10-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.1.10-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.1.10-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.1.10-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.1.10-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-33.Final_redhat_00032.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-33.Final_redhat_00032.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.14-5.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.14-5.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.14-5.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.14-5.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.14-5.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-4503",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2022-11-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184751"
}
],
"notes": [
{
"category": "description",
"text": "An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eap-galleon: custom provisioning creates unsecured http-invoker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4503"
},
{
"category": "external",
"summary": "RHBZ#2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4503"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eap-galleon: custom provisioning creates unsecured http-invoker"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-35887",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-09-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-mina-sshd: information exposure in SFTP server implementations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35887"
},
{
"category": "external",
"summary": "RHBZ#2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
}
],
"release_date": "2023-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-mina-sshd: information exposure in SFTP server implementations"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:00:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n \nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:7641
Vulnerability from csaf_redhat - Published: 2023-12-04 18:02 - Updated: 2026-06-10 08:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.
See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)
* guava: insecure temporary directory creation (CVE-2023-2976)
* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)
* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big (CVE-2023-5685)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
6.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
66 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.\n\nSee the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)\n\n* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big (CVE-2023-5685)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7641",
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "JBEAP-25004",
"url": "https://issues.redhat.com/browse/JBEAP-25004"
},
{
"category": "external",
"summary": "JBEAP-25085",
"url": "https://issues.redhat.com/browse/JBEAP-25085"
},
{
"category": "external",
"summary": "JBEAP-25086",
"url": "https://issues.redhat.com/browse/JBEAP-25086"
},
{
"category": "external",
"summary": "JBEAP-25378",
"url": "https://issues.redhat.com/browse/JBEAP-25378"
},
{
"category": "external",
"summary": "JBEAP-25380",
"url": "https://issues.redhat.com/browse/JBEAP-25380"
},
{
"category": "external",
"summary": "JBEAP-25419",
"url": "https://issues.redhat.com/browse/JBEAP-25419"
},
{
"category": "external",
"summary": "JBEAP-25451",
"url": "https://issues.redhat.com/browse/JBEAP-25451"
},
{
"category": "external",
"summary": "JBEAP-25457",
"url": "https://issues.redhat.com/browse/JBEAP-25457"
},
{
"category": "external",
"summary": "JBEAP-25541",
"url": "https://issues.redhat.com/browse/JBEAP-25541"
},
{
"category": "external",
"summary": "JBEAP-25547",
"url": "https://issues.redhat.com/browse/JBEAP-25547"
},
{
"category": "external",
"summary": "JBEAP-25576",
"url": "https://issues.redhat.com/browse/JBEAP-25576"
},
{
"category": "external",
"summary": "JBEAP-25594",
"url": "https://issues.redhat.com/browse/JBEAP-25594"
},
{
"category": "external",
"summary": "JBEAP-25627",
"url": "https://issues.redhat.com/browse/JBEAP-25627"
},
{
"category": "external",
"summary": "JBEAP-25657",
"url": "https://issues.redhat.com/browse/JBEAP-25657"
},
{
"category": "external",
"summary": "JBEAP-25685",
"url": "https://issues.redhat.com/browse/JBEAP-25685"
},
{
"category": "external",
"summary": "JBEAP-25700",
"url": "https://issues.redhat.com/browse/JBEAP-25700"
},
{
"category": "external",
"summary": "JBEAP-25716",
"url": "https://issues.redhat.com/browse/JBEAP-25716"
},
{
"category": "external",
"summary": "JBEAP-25726",
"url": "https://issues.redhat.com/browse/JBEAP-25726"
},
{
"category": "external",
"summary": "JBEAP-25772",
"url": "https://issues.redhat.com/browse/JBEAP-25772"
},
{
"category": "external",
"summary": "JBEAP-25779",
"url": "https://issues.redhat.com/browse/JBEAP-25779"
},
{
"category": "external",
"summary": "JBEAP-25803",
"url": "https://issues.redhat.com/browse/JBEAP-25803"
},
{
"category": "external",
"summary": "JBEAP-25838",
"url": "https://issues.redhat.com/browse/JBEAP-25838"
},
{
"category": "external",
"summary": "JBEAP-26041",
"url": "https://issues.redhat.com/browse/JBEAP-26041"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7641.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 security update",
"tracking": {
"current_release_date": "2026-06-10T08:36:55+00:00",
"generator": {
"date": "2026-06-10T08:36:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:7641",
"initial_release_date": "2023-12-04T18:02:14+00:00",
"revision_history": [
{
"date": "2023-12-04T18:02:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-23T22:34:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:36:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-4503",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2022-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184751"
}
],
"notes": [
{
"category": "description",
"text": "An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eap-galleon: custom provisioning creates unsecured http-invoker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4503"
},
{
"category": "external",
"summary": "RHBZ#2184751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4503"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eap-galleon: custom provisioning creates unsecured http-invoker"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-35887",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-mina-sshd: information exposure in SFTP server implementations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35887"
},
{
"category": "external",
"summary": "RHBZ#2240036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
}
],
"release_date": "2023-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-mina-sshd: information exposure in SFTP server implementations"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-04T18:02:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…