Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-6644 (GCVE-0-2015-6644)
Vulnerability from cvelistv5 – Published: 2016-01-06 19:00 – Updated: 2024-08-06 07:29
VLAI?
EPSS
Summary
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:2809 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:1832 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2810 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1034592 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2017:2808 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3727-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://source.android.com/security/bulletin/2016-… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:2927 | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3829 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2017:2811 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/79865 | vdb-entryx_refsource_BID |
Date Public ?
2016-01-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:1832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "RHSA-2017:2810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "1034592",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034592"
},
{
"name": "RHSA-2017:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "USN-3727-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"name": "RHSA-2018:2927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "DSA-3829",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"name": "RHSA-2017:2811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"name": "79865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "RHSA-2017:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:1832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "RHSA-2017:2810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "1034592",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034592"
},
{
"name": "RHSA-2017:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "USN-3727-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"name": "RHSA-2018:2927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "DSA-3829",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"name": "RHSA-2017:2811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"name": "79865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "RHSA-2017:2810",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "1034592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034592"
},
{
"name": "RHSA-2017:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "USN-3727-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"name": "http://source.android.com/security/bulletin/2016-01-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"name": "RHSA-2018:2927",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "DSA-3829",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"name": "RHSA-2017:2811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"name": "79865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2015-6644",
"datePublished": "2016-01-06T19:00:00.000Z",
"dateReserved": "2015-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:29:24.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-6644",
"date": "2026-05-21",
"epss": "0.00184",
"percentile": "0.39691"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3CEEA22-63B4-4702-A400-01349DF0EC1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4E6353-B77A-464F-B7DE-932704003B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77125688-2CCA-4990-ABB2-551D47CB0CDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9915371-C730-41F7-B86E-7E4DE0DF5385\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.\"}, {\"lang\": \"es\", \"value\": \"Bouncy Castle en Android en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes obtener informaci\\u00f3n sensible a trav\\u00e9s de una aplicaci\\u00f3n manipulada, tambi\\u00e9n conocida como error interno 24106146.\"}]",
"id": "CVE-2015-6644",
"lastModified": "2024-11-21T02:35:21.877",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-01-06T19:59:09.503",
"references": "[{\"url\": \"http://source.android.com/security/bulletin/2016-01-01.html\", \"source\": \"security@android.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2017/dsa-3829\", \"source\": \"security@android.com\"}, {\"url\": \"http://www.securityfocus.com/bid/79865\", \"source\": \"security@android.com\"}, {\"url\": \"http://www.securitytracker.com/id/1034592\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1832\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2808\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2809\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2810\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2811\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2927\", \"source\": \"security@android.com\"}, {\"url\": \"https://usn.ubuntu.com/3727-1/\", \"source\": \"security@android.com\"}, {\"url\": \"http://source.android.com/security/bulletin/2016-01-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2017/dsa-3829\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/79865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034592\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2809\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2811\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2927\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3727-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@android.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-6644\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2016-01-06T19:59:09.503\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.\"},{\"lang\":\"es\",\"value\":\"Bouncy Castle en Android en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocida como error interno 24106146.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3CEEA22-63B4-4702-A400-01349DF0EC1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4E6353-B77A-464F-B7DE-932704003B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77125688-2CCA-4990-ABB2-551D47CB0CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9915371-C730-41F7-B86E-7E4DE0DF5385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}],\"references\":[{\"url\":\"http://source.android.com/security/bulletin/2016-01-01.html\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3829\",\"source\":\"security@android.com\"},{\"url\":\"http://www.securityfocus.com/bid/79865\",\"source\":\"security@android.com\"},{\"url\":\"http://www.securitytracker.com/id/1034592\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1832\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2808\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2809\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2810\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2811\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2927\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3727-1/\",\"source\":\"security@android.com\"},{\"url\":\"http://source.android.com/security/bulletin/2016-01-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/79865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2811\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3727-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2016-AVI-002
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Android 6.0 et antérieures
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eAndroid 6.0 et ant\u00e9rieures\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6636",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6636"
},
{
"name": "CVE-2015-6643",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6643"
},
{
"name": "CVE-2015-6640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6640"
},
{
"name": "CVE-2015-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6638"
},
{
"name": "CVE-2015-6639",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6639"
},
{
"name": "CVE-2015-6642",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6642"
},
{
"name": "CVE-2015-6644",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6644"
},
{
"name": "CVE-2015-6637",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6637"
},
{
"name": "CVE-2015-6641",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6641"
},
{
"name": "CVE-2015-6646",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6646"
},
{
"name": "CVE-2015-6645",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6645"
},
{
"name": "CVE-2015-5310",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5310"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Google Nexus Security Bulletin - January 2016 du 04 janvier 2016",
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
}
],
"reference": "CERTFR-2016-AVI-002",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Nexus Security Bulletin - January 2016 du 04 janvier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-002
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Android 6.0 et antérieures
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eAndroid 6.0 et ant\u00e9rieures\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6636",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6636"
},
{
"name": "CVE-2015-6643",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6643"
},
{
"name": "CVE-2015-6640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6640"
},
{
"name": "CVE-2015-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6638"
},
{
"name": "CVE-2015-6639",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6639"
},
{
"name": "CVE-2015-6642",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6642"
},
{
"name": "CVE-2015-6644",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6644"
},
{
"name": "CVE-2015-6637",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6637"
},
{
"name": "CVE-2015-6641",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6641"
},
{
"name": "CVE-2015-6646",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6646"
},
{
"name": "CVE-2015-6645",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6645"
},
{
"name": "CVE-2015-5310",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5310"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Google Nexus Security Bulletin - January 2016 du 04 janvier 2016",
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
}
],
"reference": "CERTFR-2016-AVI-002",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Nexus Security Bulletin - January 2016 du 04 janvier 2016",
"url": null
}
]
}
BDU:2016-00077
Vulnerability from fstec - Published: 06.01.2016
VLAI Severity ?
Title
Уязвимость операционной системы Android, позволяющая нарушителю получить конфиденциальную информацию
Description
Уязвимость средства криптографической защиты Bouncy Castle операционной системы Android связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить конфиденциальную информацию с помощью специально созданного приложения
Severity ?
Vendor
Google Inc
Software Name
Android
Software Version
от 5.0 до 5.1.1 LMY49F (Android), от 6.0 до 6.0 2015-01-01 (Android)
Possible Mitigations
Обновление программного обеспечения до версий 5.1.1 LMY49F, 6.0 2015-01-01 или более новых
Reference
http://source.android.com/security/bulletin/2016-01-01.html
CWE
CWE-200
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 5.0 \u0434\u043e 5.1.1 LMY49F (Android), \u043e\u0442 6.0 \u0434\u043e 6.0 2015-01-01 (Android)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 5.1.1 LMY49F, 6.0 2015-01-01 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u0445",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.01.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.01.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-00077",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-6644",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Android",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b Bouncy Castle \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://source.android.com/security/bulletin/2016-01-01.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
CNVD-2016-00116
Vulnerability from cnvd - Published: 2016-01-11
VLAI Severity ?
Title
Android Bouncy Castle信息泄露漏洞
Description
Android是基于Linux开放性内核的手机操作系统。
Android 5.1.1 LMY49F之前版本、2016-01-01之前的6.0版本中的Bouncy Castle在实现上存在安全漏洞。远程攻击者利用此漏洞通过构造的应用,可获取敏感信息。
Severity
中
Patch Name
Android Bouncy Castle信息泄露漏洞的补丁
Patch Description
Android是基于Linux开放性内核的手机操作系统。
Android 5.1.1 LMY49F之前版本、2016-01-01之前的6.0版本中的Bouncy Castle在实现上存在安全漏洞。远程攻击者利用此漏洞通过构造的应用,可获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://source.android.com/security/bulletin/2016-01-01.html
Reference
http://source.android.com/security/bulletin/2016-01-01.html
Impacted products
| Name | ['Google Android 5.x(<5.1.1 LMY49F)', 'Google Android \r\n6.0(<2016-01-01)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-6644"
}
},
"description": "Android\u662f\u57fa\u4e8eLinux\u5f00\u653e\u6027\u5185\u6838\u7684\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nAndroid 5.1.1 LMY49F\u4e4b\u524d\u7248\u672c\u30012016-01-01\u4e4b\u524d\u76846.0\u7248\u672c\u4e2d\u7684Bouncy Castle\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u6784\u9020\u7684\u5e94\u7528\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Quan Nguyen of Google Information Security Engineer Team",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://source.android.com/security/bulletin/2016-01-01.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-00116",
"openTime": "2016-01-11",
"patchDescription": "Android\u662f\u57fa\u4e8eLinux\u5f00\u653e\u6027\u5185\u6838\u7684\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nAndroid 5.1.1 LMY49F\u4e4b\u524d\u7248\u672c\u30012016-01-01\u4e4b\u524d\u76846.0\u7248\u672c\u4e2d\u7684Bouncy Castle\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u6784\u9020\u7684\u5e94\u7528\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Android Bouncy Castle\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Google Android 5.x(\u003c5.1.1 LMY49F)",
"Google Android \r\n6.0(\u003c2016-01-01)"
]
},
"referenceLink": "http://source.android.com/security/bulletin/2016-01-01.html",
"serverity": "\u4e2d",
"submitTime": "2016-01-08",
"title": "Android Bouncy Castle\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2015-6644
Vulnerability from fkie_nvd - Published: 2016-01-06 19:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CEEA22-63B4-4702-A400-01349DF0EC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146."
},
{
"lang": "es",
"value": "Bouncy Castle en Android en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocida como error interno 24106146."
}
],
"id": "CVE-2015-6644",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-06T19:59:09.503",
"references": [
{
"source": "security@android.com",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"source": "security@android.com",
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"source": "security@android.com",
"url": "http://www.securityfocus.com/bid/79865"
},
{
"source": "security@android.com",
"url": "http://www.securitytracker.com/id/1034592"
},
{
"source": "security@android.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"source": "security@android.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"source": "security@android.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"source": "security@android.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"source": "security@android.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"source": "security@android.com",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"source": "security@android.com",
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3727-1/"
}
],
"sourceIdentifier": "security@android.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-X38M-968W-W2XQ
Vulnerability from github – Published: 2022-05-14 02:21 – Updated: 2025-04-12 12:55
VLAI?
Details
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2015-6644"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-01-06T19:59:00Z",
"severity": "MODERATE"
},
"details": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.",
"id": "GHSA-x38m-968w-w2xq",
"modified": "2025-04-12T12:55:33Z",
"published": "2022-05-14T02:21:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3727-1"
},
{
"type": "WEB",
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/79865"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034592"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2015-6644
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-6644",
"description": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.",
"id": "GSD-2015-6644",
"references": [
"https://www.suse.com/security/cve/CVE-2015-6644.html",
"https://www.debian.org/security/2017/dsa-3829",
"https://access.redhat.com/errata/RHSA-2018:2927",
"https://access.redhat.com/errata/RHSA-2017:2811",
"https://access.redhat.com/errata/RHSA-2017:2810",
"https://access.redhat.com/errata/RHSA-2017:2809",
"https://access.redhat.com/errata/RHSA-2017:2808",
"https://access.redhat.com/errata/RHSA-2017:1832",
"https://ubuntu.com/security/CVE-2015-6644"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-6644"
],
"details": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.",
"id": "GSD-2015-6644",
"modified": "2023-12-13T01:20:04.449043Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "RHSA-2017:2810",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "1034592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034592"
},
{
"name": "RHSA-2017:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "USN-3727-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"name": "http://source.android.com/security/bulletin/2016-01-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"name": "RHSA-2018:2927",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "DSA-3829",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"name": "RHSA-2017:2811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"name": "79865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79865"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6644"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-01-01.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-01-01.html"
},
{
"name": "1034592",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1034592"
},
{
"name": "79865",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/79865"
},
{
"name": "DSA-3829",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3829"
},
{
"name": "RHSA-2017:2811",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"name": "RHSA-2017:2810",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "RHSA-2017:2809",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:2808",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "USN-3727-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"name": "RHSA-2018:2927",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2018-10-17T10:29Z",
"publishedDate": "2016-01-06T19:59Z"
}
}
}
RHSA-2017:1832
Vulnerability from csaf_redhat - Published: 2017-08-10 23:03 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.
Security Fix(es):
* It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. (CVE-2017-2589)
* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. (CVE-2015-6644)
* It was found that Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues. (CVE-2016-8749)
* It was found that Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded / to a request an attacker may be able to bypass a security constraint. (CVE-2016-9879)
* It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root. (CVE-2017-2594)
* It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature comparison algorithm which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk, JWT access tokens, or JOSE JWS/JWE interceptors which depend on HMAC secret key algorithms. (CVE-2017-3156)
* It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML External Entities (XXE). (CVE-2017-5643)
* It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message. (CVE-2017-5653)
* It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service (STS). This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token for another user. (CVE-2017-5656)
* It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains. (CVE-2017-5929)
* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)
The CVE-2017-2589 issue was discovered by Adam Willard (Blue Canopy) and Dennis Reed (Red Hat) and the CVE-2017-2594 issue was discovered by Hooman Broujerdi (Red Hat).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information.
5.5 (Medium)
Affected products
Threats
Impact
Moderate
It was found that Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. Camel allows such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.
8.1 (High)
Affected products
Threats
Impact
Moderate
It was found that Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded / to a request an attacker may be able to bypass a security constraint.
6.5 (Medium)
Affected products
Threats
Impact
Moderate
It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
8.7 (High)
Affected products
Threats
Impact
Important
It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
5.4 (Medium)
Affected products
Threats
Impact
Moderate
It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature comparison algorithm which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk or JWT access tokens or JOSE JWS/JWE interceptors which depend on HMAC secret key algorithms.
5.3 (Medium)
Affected products
Threats
Impact
Moderate
It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML External Entities (XXE). The vulnerability is not given for SAX or StAX sources.
6.5 (Medium)
Affected products
Threats
Impact
Moderate
It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message.
6.5 (Medium)
Affected products
Threats
Impact
Moderate
It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service (STS). This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token for another user.
5.3 (Medium)
Affected products
Threats
Impact
Moderate
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains.
5.5 (Medium)
Affected products
Threats
Impact
Moderate
It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system.
5.9 (Medium)
Affected products
Threats
Impact
Moderate
References
68 references
Acknowledgments
Blue Canopy
Adam Willard
Red Hat
Dennis Reed
Red Hat
Hooman Broujerdi
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. (CVE-2017-2589)\n\n* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user\u0027s private information. (CVE-2015-6644)\n\n* It was found that Apache Camel\u0027s camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues. (CVE-2016-8749)\n\n* It was found that Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded / to a request an attacker may be able to bypass a security constraint. (CVE-2016-9879)\n\n* It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio\u0027s root. (CVE-2017-2594)\n\n* It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature comparison algorithm which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk, JWT access tokens, or JOSE JWS/JWE interceptors which depend on HMAC secret key algorithms. (CVE-2017-3156)\n\n* It was found that Apache Camel\u0027s validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML External Entities (XXE). (CVE-2017-5643)\n\n* It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message. (CVE-2017-5653)\n\n* It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service (STS). This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token for another user. (CVE-2017-5656)\n\n* It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains. (CVE-2017-5929)\n\n* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type \u0027void\u0027. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)\n\nThe CVE-2017-2589 issue was discovered by Adam Willard (Blue Canopy) and Dennis Reed (Red Hat) and the CVE-2017-2594 issue was discovered by Hooman Broujerdi (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1832",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq\u0026version=6.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq\u0026version=6.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/"
},
{
"category": "external",
"summary": "1409838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409838"
},
{
"category": "external",
"summary": "1413905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413905"
},
{
"category": "external",
"summary": "1415543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415543"
},
{
"category": "external",
"summary": "1420832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420832"
},
{
"category": "external",
"summary": "1425455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425455"
},
{
"category": "external",
"summary": "1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "1433374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433374"
},
{
"category": "external",
"summary": "1441538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441538"
},
{
"category": "external",
"summary": "1444015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444015"
},
{
"category": "external",
"summary": "1445327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445327"
},
{
"category": "external",
"summary": "1445329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445329"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1832.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-14T22:23:36+00:00",
"generator": {
"date": "2026-05-14T22:23:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:1832",
"initial_release_date": "2017-08-10T23:03:00+00:00",
"revision_history": [
{
"date": "2017-08-10T23:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-08-15T01:47:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss A-MQ 6.3",
"product": {
"name": "Red Hat JBoss A-MQ 6.3",
"product_id": "Red Hat JBoss A-MQ 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:6.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Fuse 6.3",
"product": {
"name": "Red Hat JBoss Fuse 6.3",
"product_id": "Red Hat JBoss Fuse 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:6.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-6644",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1444015"
}
],
"notes": [
{
"category": "description",
"text": "It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user\u0027s private information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: Information disclosure in GCMBlockCipher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-6644"
},
{
"category": "external",
"summary": "RHBZ#1444015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-6644",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644"
}
],
"release_date": "2016-01-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: Information disclosure in GCMBlockCipher"
},
{
"cve": "CVE-2016-8749",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-02-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1420832"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Camel\u0027s camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. Camel allows such a type through the \u0027CamelJacksonUnmarshalType\u0027 property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "camel-jacksonxml: Unmarshalling operation are vulnerable to RCE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8749"
},
{
"category": "external",
"summary": "RHBZ#1420832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420832"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8749"
},
{
"category": "external",
"summary": "http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc",
"url": "http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc"
}
],
"release_date": "2016-12-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "camel-jacksonxml: Unmarshalling operation are vulnerable to RCE"
},
{
"cve": "CVE-2016-9879",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1409838"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded / to a request an attacker may be able to bypass a security constraint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Security: Improper handling of path parameters allows bypassing the security constraint",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-9879"
},
{
"category": "external",
"summary": "RHBZ#1409838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-9879",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9879"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2016-9879",
"url": "https://pivotal.io/security/cve-2016-9879"
}
],
"release_date": "2016-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"category": "workaround",
"details": "Use a Servlet container known not to include path parameters in the return values for getServletPath() and getPathInfo()",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Security: Improper handling of path parameters allows bypassing the security constraint"
},
{
"acknowledgments": [
{
"names": [
"Adam Willard"
],
"organization": "Blue Canopy"
},
{
"names": [
"Dennis Reed"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-2589",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2017-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413905"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hawtio: Proxy is sharing cookies among all the clients",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-2589"
},
{
"category": "external",
"summary": "RHBZ#1413905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413905"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2589"
}
],
"release_date": "2017-07-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hawtio: Proxy is sharing cookies among all the clients"
},
{
"acknowledgments": [
{
"names": [
"Hooman Broujerdi"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-2594",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2017-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1415543"
}
],
"notes": [
{
"category": "description",
"text": "It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio\u0027s root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hawtio: information Disclosure flaws due to unsafe path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-2594"
},
{
"category": "external",
"summary": "RHBZ#1415543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-2594",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2594"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2594",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2594"
}
],
"release_date": "2017-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hawtio: information Disclosure flaws due to unsafe path traversal"
},
{
"cve": "CVE-2017-3156",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1425455"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature comparison algorithm which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk or JWT access tokens or JOSE JWS/JWE interceptors which depend on HMAC secret key algorithms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: CXF OAuth2 Hawk and JOSE MAC Validation code are vulnerable to timing attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3156"
},
{
"category": "external",
"summary": "RHBZ#1425455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3156"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: CXF OAuth2 Hawk and JOSE MAC Validation code are vulnerable to timing attacks"
},
{
"cve": "CVE-2017-5643",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2017-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1433374"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Camel\u0027s validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML External Entities (XXE). The vulnerability is not given for SAX or StAX sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5643"
},
{
"category": "external",
"summary": "RHBZ#1433374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5643"
},
{
"category": "external",
"summary": "https://camel.apache.org/security-advisories.data/CVE-2017-5643.txt",
"url": "https://camel.apache.org/security-advisories.data/CVE-2017-5643.txt"
}
],
"release_date": "2017-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE"
},
{
"cve": "CVE-2017-5653",
"discovery_date": "2017-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1445327"
}
],
"notes": [
{
"category": "description",
"text": "It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5653"
},
{
"category": "external",
"summary": "RHBZ#1445327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5653",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5653"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5653",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5653"
},
{
"category": "external",
"summary": "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc"
}
],
"release_date": "2017-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted"
},
{
"cve": "CVE-2017-5656",
"discovery_date": "2017-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1445329"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service (STS). This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token for another user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: CXF\u0027s STSClient uses a flawed way of caching tokens that are associated with delegation tokens",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5656"
},
{
"category": "external",
"summary": "RHBZ#1445329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5656"
},
{
"category": "external",
"summary": "http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc"
}
],
"release_date": "2017-04-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: CXF\u0027s STSClient uses a flawed way of caching tokens that are associated with delegation tokens"
},
{
"cve": "CVE-2017-5929",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1432858"
}
],
"notes": [
{
"category": "description",
"text": "It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability applies to logback-classic and logback-core.There is no documented evidence in the official upstream advisory that logback-json-core is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5929"
},
{
"category": "external",
"summary": "RHBZ#1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929"
}
],
"release_date": "2017-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver"
},
{
"cve": "CVE-2017-7957",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1441538"
}
],
"notes": [
{
"category": "description",
"text": "It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type \u0027void\u0027. An attacker could use this flaw to create a denial of service on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: DoS when unmarshalling void type",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7957"
},
{
"category": "external",
"summary": "RHBZ#1441538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7957",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7957"
},
{
"category": "external",
"summary": "http://x-stream.github.io/CVE-2017-7957.html",
"url": "http://x-stream.github.io/CVE-2017-7957.html"
}
],
"release_date": "2017-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-10T23:03:00+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nYou can find installation instructions in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "XStream: DoS when unmarshalling void type"
}
]
}
RHSA-2017:2808
Vulnerability from csaf_redhat - Published: 2017-09-26 18:39 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)
* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. (CVE-2015-6644)
* It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. (CVE-2017-2582)
* It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). (CVE-2017-7536)
The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat) and the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
5.1 (Medium)
Affected products
Fixed
49 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information.
5.5 (Medium)
Affected products
Fixed
49 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
6.5 (Medium)
Affected products
Fixed
49 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
8.1 (High)
Affected products
Fixed
49 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
6.3 (Medium)
Affected products
Fixed
49 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
31 references
Acknowledgments
Red Hat
Hynek Mlnarik
Red Hat
Gunnar Morling
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)\n\n* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user\u0027s private information. (CVE-2015-6644)\n\n* It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the \"InResponseTo\" field in the response. (CVE-2017-2582)\n\n* It was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). (CVE-2017-7536)\n\nThe CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat) and the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2808",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"category": "external",
"summary": "1410481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410481"
},
{
"category": "external",
"summary": "1443635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
},
{
"category": "external",
"summary": "1444015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444015"
},
{
"category": "external",
"summary": "1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "1465573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
},
{
"category": "external",
"summary": "JBEAP-11485",
"url": "https://issues.redhat.com/browse/JBEAP-11485"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2808.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update",
"tracking": {
"current_release_date": "2026-05-14T22:23:42+00:00",
"generator": {
"date": "2026-05-14T22:23:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:2808",
"initial_release_date": "2017-09-26T18:39:54+00:00",
"revision_history": [
{
"date": "2017-09-26T18:39:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-09-26T18:39:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.1.0-13.redhat_4.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.1.0-13.redhat_4.ep7.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"product": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"product_id": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.1.0-13.redhat_4.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.1.4-2.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata@10.0.2-2.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.0.7-2.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"product": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"product_id": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@5.2.5-2.Final_redhat_2.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.24-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"product_id": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"product": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"product_id": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-3.redhat_2.2.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"product_id": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jasypt@1.9.2-2.redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remote-naming@2.0.5-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jms-api_2.0_spec@1.0.1-2.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"product_id": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.31-1.Final_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.8-1.GA_redhat_1.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.8-4.GA_redhat_1.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.1.4-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-appclient@10.0.2-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata@10.0.2-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-ear@10.0.2-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-common@10.0.2-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-ejb@10.0.2-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-web@10.0.2-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.0.7-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@5.2.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@5.2.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.24-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-9.SP8_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.56.0-3.redhat_2.2.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-3.redhat_2.2.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.56.0-3.redhat_2.2.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.56.0-3.redhat_2.2.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jasypt@1.9.2-2.redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remote-naming@2.0.5-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jms-api_2.0_spec@1.0.1-2.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.31-1.Final_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.8-1.GA_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.8-4.GA_redhat_1.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.8-4.GA_redhat_1.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src"
},
"product_reference": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src"
},
"product_reference": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src"
},
"product_reference": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9970",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1455566"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jasypt: Vulnerable to timing attack against the password hash comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9970"
},
{
"category": "external",
"summary": "RHBZ#1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9970",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:39:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jasypt: Vulnerable to timing attack against the password hash comparison"
},
{
"cve": "CVE-2015-6644",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1444015"
}
],
"notes": [
{
"category": "description",
"text": "It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user\u0027s private information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: Information disclosure in GCMBlockCipher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-6644"
},
{
"category": "external",
"summary": "RHBZ#1444015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-6644",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644"
}
],
"release_date": "2016-01-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:39:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: Information disclosure in GCMBlockCipher"
},
{
"acknowledgments": [
{
"names": [
"Hynek Mlnarik"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-2582",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2017-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1410481"
}
],
"notes": [
{
"category": "description",
"text": "It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the \"InResponseTo\" field in the response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: SAML request parser replaces special strings with system properties",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-2582"
},
{
"category": "external",
"summary": "RHBZ#1410481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-2582",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2582"
}
],
"release_date": "2017-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:39:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: SAML request parser replaces special strings with system properties"
},
{
"cve": "CVE-2017-5645",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443635"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Socket receiver deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5645"
},
{
"category": "external",
"summary": "RHBZ#1443635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645"
}
],
"release_date": "2017-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:39:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j: Socket receiver deserialization vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Gunnar Morling"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-7536",
"discovery_date": "2017-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1465573"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Privilege escalation when running under the security manager",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7536"
},
{
"category": "external",
"summary": "RHBZ#1465573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7536",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7536"
}
],
"release_date": "2017-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:39:54+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el7.x86_64",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.noarch",
"7Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7.src",
"7Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Privilege escalation when running under the security manager"
}
]
}
RHSA-2017:2809
Vulnerability from csaf_redhat - Published: 2017-09-26 18:51 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)
* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. (CVE-2015-6644)
* It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. (CVE-2017-2582)
* It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). (CVE-2017-7536)
The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat) and the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
5.1 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information.
5.5 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
6.5 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
8.1 (High)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
6.3 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
31 references
Acknowledgments
Red Hat
Hynek Mlnarik
Red Hat
Gunnar Morling
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)\n\n* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user\u0027s private information. (CVE-2015-6644)\n\n* It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the \"InResponseTo\" field in the response. (CVE-2017-2582)\n\n* It was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). (CVE-2017-7536)\n\nThe CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat) and the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2809",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"category": "external",
"summary": "1410481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410481"
},
{
"category": "external",
"summary": "1443635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
},
{
"category": "external",
"summary": "1444015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444015"
},
{
"category": "external",
"summary": "1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "1465573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
},
{
"category": "external",
"summary": "JBEAP-11484",
"url": "https://issues.redhat.com/browse/JBEAP-11484"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2809.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update",
"tracking": {
"current_release_date": "2026-05-14T22:23:48+00:00",
"generator": {
"date": "2026-05-14T22:23:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:2809",
"initial_release_date": "2017-09-26T18:51:56+00:00",
"revision_history": [
{
"date": "2017-09-26T18:51:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-09-26T18:51:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"product_id": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.1.0-13.redhat_4.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"product": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"product_id": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.1.0-13.redhat_4.ep7.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"product": {
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"product_id": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.1.0-13.redhat_4.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"product": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"product_id": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.1.0-13.redhat_4.ep7.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"product": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"product_id": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.1.0-13.redhat_4.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.1.4-2.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata@10.0.2-2.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.0.7-2.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"product": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"product_id": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@5.2.5-2.Final_redhat_2.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.24-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"product_id": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"product_id": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jasypt@1.9.2-2.redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"product": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"product_id": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-3.redhat_2.2.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remote-naming@2.0.5-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jms-api_2.0_spec@1.0.1-2.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.31-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.8-1.GA_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"product_id": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.8-4.GA_redhat_1.1.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.1.4-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-appclient@10.0.2-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata@10.0.2-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-ear@10.0.2-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-common@10.0.2-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-ejb@10.0.2-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-metadata-web@10.0.2-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.0.7-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@5.2.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@5.2.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.24-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-9.SP8_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jasypt@1.9.2-2.redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product": {
"name": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_id": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.56.0-3.redhat_2.2.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_id": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.56.0-3.redhat_2.2.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product": {
"name": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_id": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.56.0-3.redhat_2.2.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product": {
"name": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_id": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.56.0-3.redhat_2.2.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remote-naming@2.0.5-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jms-api_2.0_spec@1.0.1-2.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.31-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.8-1.GA_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.8-4.GA_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.8-4.GA_redhat_1.1.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686"
},
"product_reference": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src"
},
"product_reference": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64"
},
"product_reference": "eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686"
},
"product_reference": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch"
},
"product_reference": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src"
},
"product_reference": "eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch"
},
"product_reference": "eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch"
},
"product_reference": "eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch"
},
"product_reference": "eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src"
},
"product_reference": "eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9970",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1455566"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jasypt: Vulnerable to timing attack against the password hash comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9970"
},
{
"category": "external",
"summary": "RHBZ#1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9970",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:51:56+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jasypt: Vulnerable to timing attack against the password hash comparison"
},
{
"cve": "CVE-2015-6644",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1444015"
}
],
"notes": [
{
"category": "description",
"text": "It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user\u0027s private information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: Information disclosure in GCMBlockCipher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-6644"
},
{
"category": "external",
"summary": "RHBZ#1444015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-6644",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644"
}
],
"release_date": "2016-01-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:51:56+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: Information disclosure in GCMBlockCipher"
},
{
"acknowledgments": [
{
"names": [
"Hynek Mlnarik"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-2582",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2017-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1410481"
}
],
"notes": [
{
"category": "description",
"text": "It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the \"InResponseTo\" field in the response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: SAML request parser replaces special strings with system properties",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-2582"
},
{
"category": "external",
"summary": "RHBZ#1410481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-2582",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2582"
}
],
"release_date": "2017-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:51:56+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: SAML request parser replaces special strings with system properties"
},
{
"cve": "CVE-2017-5645",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443635"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Socket receiver deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5645"
},
{
"category": "external",
"summary": "RHBZ#1443635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645"
}
],
"release_date": "2017-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:51:56+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j: Socket receiver deserialization vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Gunnar Morling"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-7536",
"discovery_date": "2017-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1465573"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Privilege escalation when running under the security manager",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7536"
},
{
"category": "external",
"summary": "RHBZ#1465573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7536",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7536"
}
],
"release_date": "2017-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-26T18:51:56+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.i686",
"6Server-JBEAP-7.0:eap7-artemis-native-wildfly-0:1.1.0-13.redhat_4.ep7.el6.x86_64",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-bouncycastle-mail-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-pkix-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-bouncycastle-prov-0:1.56.0-3.redhat_2.2.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-validator-cdi-0:5.2.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-metadata-appclient-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-common-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ear-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-ejb-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-metadata-web-0:10.0.2-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-common-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-config-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-picketlink-idm-api-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-idm-simple-schema-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-impl-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-picketlink-wildfly8-0:2.5.5-9.SP8_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.8-4.GA_redhat_1.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Privilege escalation when running under the security manager"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…