Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-4639
Vulnerability from cvelistv5
Published
2024-11-17 10:21
Modified
2024-11-17 16:17
Severity ?
EPSS score ?
Summary
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Migration Toolkit for Runtimes 1 on RHEL 8 |
Unaffected: 1.2-23 < * cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-4639", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-17T16:17:32.886591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-17T16:17:46.027Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-operator-bundle", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-23", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-rhel8-operator", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-executor-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-14", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6" ], "defaultStatus": "affected", "packageName": "org.keycloak-keycloak-parent", "product": "Migration Toolkit for Applications 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unknown", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Integration Change Data Capture", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Ankur Sundara for reporting this issue." } ], "datePublic": "2024-02-08T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-17T10:21:44.539Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1674", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "RHSA-2024:1675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "RHSA-2024:1676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:2763", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "name": "RHSA-2024:2764", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "name": "RHSA-2024:3919", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "name": "RHBZ#2166022", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" } ], "timeline": [ { "lang": "en", "time": "2023-01-28T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-08T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: cookie smuggling/spoofing", "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4639", "datePublished": "2024-11-17T10:21:44.539Z", "dateReserved": "2023-08-30T14:52:04.007Z", "dateUpdated": "2024-11-17T16:17:46.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-4639\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-11-17T11:15:05.840\",\"lastModified\":\"2024-11-18T17:11:17.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en Undertow que analiza incorrectamente las cookies con ciertos caracteres que delimitan valores en las solicitudes entrantes. Este problema podr\u00eda permitir que un atacante construya un valor de cookie para extraer valores de cookies HttpOnly o falsificar valores de cookies adicionales arbitrarios, lo que lleva a un acceso o modificaci\u00f3n de datos no autorizados. La principal amenaza de esta falla afecta la confidencialidad e integridad de los datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1674\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1675\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1676\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1677\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2763\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2764\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3919\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-4639\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2166022\",\"source\":\"secalert@redhat.com\"}]}}" } }
ghsa-3jrv-jgp8-45v3
Vulnerability from github
Published
2024-11-17 12:30
Modified
2024-11-18 20:08
Severity ?
Summary
Undertow incorrectly parses cookies
Details
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "2.3.0.Alpha1" }, { "fixed": "2.3.11.Final" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.2.30.Final" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-4639" ], "database_specific": { "cwe_ids": [ "CWE-444" ], "github_reviewed": true, "github_reviewed_at": "2024-11-18T20:08:30Z", "nvd_published_at": "2024-11-17T11:15:05Z", "severity": "HIGH" }, "details": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "id": "GHSA-3jrv-jgp8-45v3", "modified": "2024-11-18T20:08:31Z", "published": "2024-11-17T12:30:29Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "type": "PACKAGE", "url": "https://github.com/undertow-io/undertow" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Undertow incorrectly parses cookies" }
rhsa-2024_1675
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2024-12-17 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1675", "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": "JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1675.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-12-17T22:38:16+00:00", "generator": { "date": "2024-12-17T22:38:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:1675", "initial_release_date": "2024-04-04T15:23:50+00:00", "revision_history": [ { "date": "2024-04-04T15:23:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-04T15:23:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T22:38:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-grouping@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1674
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2024-12-17 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1674", "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": "JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1674.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-12-17T22:38:28+00:00", "generator": { "date": "2024-12-17T22:38:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:1674", "initial_release_date": "2024-04-04T15:23:51+00:00", "revision_history": [ { "date": "2024-04-04T15:23:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-04T15:23:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T22:38:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_id": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1677
Vulnerability from csaf_redhat
Published
2024-04-04 15:22
Modified
2024-12-17 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1677", "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": "JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1677.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-12-17T22:38:54+00:00", "generator": { "date": "2024-12-17T22:38:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:1677", "initial_release_date": "2024-04-04T15:22:45+00:00", "revision_history": [ { "date": "2024-04-04T15:22:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T10:53:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T22:38:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_3919
Vulnerability from csaf_redhat
Published
2024-06-13 11:37
Modified
2024-12-17 07:03
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Notes
Topic
Migration Toolkit for Runtimes 1.2.6 release
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.2.6 Images
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)
* keycloak: path transversal in redirection validation (CVE-2024-1132)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Migration Toolkit for Runtimes 1.2.6 release\nRed Hat Product Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Migration Toolkit for Runtimes 1.2.6 Images\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)\n* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)\n* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)\n* keycloak: path transversal in redirection validation (CVE-2024-1132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3919", "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2239630", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630" }, { "category": "external", "summary": "2250364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364" }, { "category": "external", "summary": "2254559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559" }, { "category": "external", "summary": "2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3919.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update", "tracking": { "current_release_date": "2024-12-17T07:03:48+00:00", "generator": { "date": "2024-12-17T07:03:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:3919", "initial_release_date": "2024-06-13T11:37:27+00:00", "revision_history": [ { "date": "2024-06-13T11:37:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-13T11:37:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T07:03:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product": { "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Runtimes" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "product": { "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "product_id": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "product": { "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "product_id": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "product_id": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "product": { "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "product_id": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "product": { "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "product_id": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "product_id": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "product": { "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "product_id": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "product": { "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "product_id": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "product": { "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "product_id": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "product": { "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "product_id": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "product_id": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64" }, "product_reference": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x" }, "product_reference": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64" }, "product_reference": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le" }, "product_reference": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "relates_to_product_reference": "8Base-MTR-1" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-26364", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2250364" } ], "notes": [ { "category": "description", "text": "A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26364" }, { "category": "external", "summary": "RHBZ#2250364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26364", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364" }, { "category": "external", "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg", "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg" } ], "release_date": "2023-11-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "workaround", "details": "No mitigation is yet available for this vulnerability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression" }, { "cve": "CVE-2023-36479", "cwe": { "id": "CWE-149", "name": "Improper Neutralization of Quoting Syntax" }, "discovery_date": "2023-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2239630" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-36479" }, { "category": "external", "summary": "RHBZ#2239630", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479" } ], "release_date": "2023-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet" }, { "cve": "CVE-2023-48631", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254559" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe\u0027s css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.", "title": "Vulnerability description" }, { "category": "summary", "text": "css-tools: regular expression denial of service (ReDoS) when parsing CSS", "title": "Vulnerability summary" }, { "category": "other", "text": "The Regular Expression Denial of Service (ReDoS) vulnerability in css-tools, triggered by improper input validation when parsing CSS, is considered of moderate severity. While it can lead to a denial of service by causing the application to become unresponsive, the impact is limited to scenarios where an attacker can provide crafted input. Additionally, the absence of evidence of active exploitation in the wild and contextual factors, such as the software\u0027s usage, contribute to the moderate severity rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48631" }, { "category": "external", "summary": "RHBZ#2254559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48631", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48631" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631" }, { "category": "external", "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2", "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2" } ], "release_date": "2023-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "css-tools: regular expression denial of service (ReDoS) when parsing CSS" }, { "acknowledgments": [ { "names": [ "Axel Flamcourt" ] } ], "cve": "CVE-2024-1132", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path transversal in redirection validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "category": "external", "summary": "RHBZ#2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "workaround", "details": "No current mitigation is available for this vulnerability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path transversal in redirection validation" } ] }
rhsa-2024_2763
Vulnerability from csaf_redhat
Published
2024-05-08 14:17
Modified
2024-11-23 03:35
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:2763", "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2763.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update", "tracking": { "current_release_date": "2024-11-23T03:35:04+00:00", "generator": { "date": "2024-11-23T03:35:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:2763", "initial_release_date": "2024-05-08T14:17:10+00:00", "revision_history": [ { "date": "2024-05-08T14:17:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-05-08T14:17:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-23T03:35:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 8", "product": { "name": "Red Hat JBoss Enterprise Application Platform 8", "product_id": "Red Hat JBoss Enterprise Application Platform 8", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-08T14:17:10+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:2763" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-08T14:17:10+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:2763" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-08T14:17:10+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" } ] }
rhsa-2024_2764
Vulnerability from csaf_redhat
Published
2024-05-08 14:25
Modified
2024-11-23 03:34
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:2764", "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2764.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update", "tracking": { "current_release_date": "2024-11-23T03:34:55+00:00", "generator": { "date": "2024-11-23T03:34:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:2764", "initial_release_date": "2024-05-08T14:25:09+00:00", "revision_history": [ { "date": "2024-05-08T14:25:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-05-08T14:25:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-23T03:34:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 8.0 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 8.0 for RHEL 8", "product_id": "8Base-JBEAP-8.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" } } }, { "category": "product_name", "name": "Red Hat JBoss EAP 8.0 for RHEL 9", "product": { "name": "Red Hat JBoss EAP 8.0 for RHEL 9", "product_id": "9Base-JBEAP-8.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8", "product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-8.0" }, { "category": "default_component_of", "full_product_name": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8", "product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-8.0" }, { "category": "default_component_of", "full_product_name": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9", "product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-8.0" }, { "category": "default_component_of", "full_product_name": { "name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9", "product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-8.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-08T14:25:09+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:2764" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-08T14:25:09+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:2764" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-08T14:25:09+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" } ] }
rhsa-2024_1676
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2024-12-17 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1676", "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": "JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1676.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-12-17T22:38:42+00:00", "generator": { "date": "2024-12-17T22:38:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:1676", "initial_release_date": "2024-04-04T15:23:45+00:00", "revision_history": [ { "date": "2024-04-04T15:23:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-04T15:23:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T22:38:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
wid-sec-w-2024-1084
Vulnerability from csaf_certbund
Published
2024-05-09 22:00
Modified
2024-06-13 22:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1084 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1084.json" }, { "category": "self", "summary": "WID-SEC-2024-1084 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1084" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2763 vom 2024-05-09", "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2764 vom 2024-05-09", "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "category": "external", "summary": "RedHat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "source_lang": "en-US", "title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-06-13T22:00:00.000+00:00", "generator": { "date": "2024-06-14T08:08:25.281+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1084", "initial_release_date": "2024-05-09T22:00:00.000+00:00", "revision_history": [ { "date": "2024-05-09T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-06-13T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "T035142", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c8.0", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c8.0", "product_id": "T034675", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" } } } ], "category": "product_name", "name": "JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T035142" ] }, "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1973" }, { "cve": "CVE-2023-4639", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T035142" ] }, "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4639" }, { "cve": "CVE-2024-1459", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T035142" ] }, "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2024-1459" } ] }
WID-SEC-W-2024-1084
Vulnerability from csaf_certbund
Published
2024-05-09 22:00
Modified
2024-06-13 22:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1084 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1084.json" }, { "category": "self", "summary": "WID-SEC-2024-1084 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1084" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2763 vom 2024-05-09", "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2764 vom 2024-05-09", "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "category": "external", "summary": "RedHat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "source_lang": "en-US", "title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-06-13T22:00:00.000+00:00", "generator": { "date": "2024-06-14T08:08:25.281+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1084", "initial_release_date": "2024-05-09T22:00:00.000+00:00", "revision_history": [ { "date": "2024-05-09T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-06-13T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "T035142", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c8.0", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c8.0", "product_id": "T034675", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" } } } ], "category": "product_name", "name": "JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T035142" ] }, "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1973" }, { "cve": "CVE-2023-4639", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T035142" ] }, "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4639" }, { "cve": "CVE-2024-1459", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T035142" ] }, "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2024-1459" } ] }
gsd-2023-4639
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-4639", "id": "GSD-2023-4639" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-4639" ], "id": "GSD-2023-4639", "modified": "2023-12-13T01:20:26.700406Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2023-4639", "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.