cve-2024-1635
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1635", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T16:54:05.178381Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T13:50:19.172Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:48:21.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1674", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "RHSA-2024:1675", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "RHSA-2024:1676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" 
], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "name": "RHBZ#2264928", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240322-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "defaultStatus": "unaffected", "packageName": "undertow", "versions": [ { "status": "affected", "version": "1.31.0" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": 
[ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el7sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el8sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el9sso", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhosemc:1.0::el8" ], "defaultStatus": "affected", "packageName": "rh-sso-7/sso76-openshift-rhel8", "product": "RHEL-8 based Middleware Containers", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7.6-46", "versionType": "rpm" } ] }, { "collectionURL": 
"https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "RHSSO 7.6.8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:4" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat 
build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3" ], "defaultStatus": "unaffected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], 
"defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "streams for Apache Kafka", "vendor": "Red Hat" } ], "datePublic": "2023-10-27T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T14:50:44.777Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1674", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "RHSA-2024:1675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "RHSA-2024:1676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" 
}, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "name": "RHBZ#2264928", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" } ], "timeline": [ { "lang": "en", "time": "2024-02-19T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-27T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol", "workarounds": [ { "lang": "en", "value": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact." } ], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1635", "datePublished": "2024-02-19T21:23:14.496Z", "dateReserved": "2024-02-19T17:25:58.418Z", "dateUpdated": "2024-11-06T14:50:44.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-1635\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-02-19T22:15:48.647\",\"lastModified\":\"2024-09-16T17:16:03.790\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. 
Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \\r\\n\\r\\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en Undertow. Esta vulnerabilidad afecta a un servidor que admite el protocolo wildfly-http-client. Siempre que un usuario malintencionado abre y cierra una conexi\u00f3n con el puerto HTTP del servidor y luego cierra la conexi\u00f3n inmediatamente, el servidor finalizar\u00e1 con los l\u00edmites de memoria y de archivos abiertos agotados en alg\u00fan momento, dependiendo de la cantidad de memoria disponible. En la actualizaci\u00f3n HTTP a comunicaci\u00f3n remota, WriteTimeoutStreamSinkConduit pierde conexiones si RemotingConnection se cierra mediante Remoting ServerConnectionOpenListener. Debido a que la conexi\u00f3n remota se origina en Undertow como parte de la actualizaci\u00f3n HTTP, existe una capa externa a la conexi\u00f3n remota. 
Esta conexi\u00f3n desconoce la capa m\u00e1s externa al cerrar la conexi\u00f3n durante el procedimiento de apertura de la conexi\u00f3n. Por lo tanto, Undertow WriteTimeoutStreamSinkConduit no recibe notificaci\u00f3n de la conexi\u00f3n cerrada en este escenario. Debido a que WriteTimeoutStreamSinkConduit crea una tarea de tiempo de espera, todo el \u00e1rbol de dependencia se filtra a trav\u00e9s de esa tarea, que se agrega a XNIO WorkerThread. Entonces, el hilo de trabajo apunta al conducto Undertow, que contiene las conexiones y causa la fuga.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1674\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1675\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1676\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1677\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1860\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1861\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1862\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1864\",\"source\":\"secalert@red
hat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1866\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-1635\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2264928\",\"source\":\"secalert@redhat.com\"}]}}" } }
rhsa-2024_1674
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1674", "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": 
"JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1674.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-11-06T15:00:54+00:00", "generator": { "date": "2024-11-06T15:00:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1674", "initial_release_date": 
"2024-04-04T15:23:51+00:00", "revision_history": [ { "date": "2024-04-04T15:23:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-04T15:23:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T15:00:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "product_id": 
"eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": 
"eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": 
"eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", 
"product": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": 
"eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_id": 
"eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": 
"product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", 
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", 
"product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", 
"product": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", 
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", 
"product": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_id": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": 
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": 
"default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 
for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", 
"relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for 
RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": 
"default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": 
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": 
"eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { 
"category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch" }, 
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", 
"full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": 
"eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat 
JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": 
"7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. 
Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutOfMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. 
The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. 
However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is 
protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting the OpenSSH server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe recommend using strict MACs and Ciphers on RHEL 7 in both /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nThe following strict set of Ciphers and MACs can be used as a mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs 
umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": 
"HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: 
\u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of 
use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, 
"products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. 
\r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:51+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1675
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1675", "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": 
"JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1675.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-11-06T15:00:40+00:00", "generator": { "date": "2024-11-06T15:00:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1675", "initial_release_date": 
"2024-04-04T15:23:50+00:00", "revision_history": [ { "date": "2024-04-04T15:23:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-04T15:23:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T15:00:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=src" } } }, { "category": 
"product_version", "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": 
"eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": 
"eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": 
"eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": 
"eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": 
"eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": 
"eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "product": { "name": 
"eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": 
"eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-grouping@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": 
"eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, 
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": 
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", 
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { 
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", 
"relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": 
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": 
"8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 
for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { 
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src" }, "product_reference": 
"eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": 
"default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": 
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 
for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", 
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as 
a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": 
"eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. 
Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutOfMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. 
The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. 
However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. 
If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent from the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting the OpenSSH server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe recommend using strict MACs and Ciphers on RHEL 7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nThe following strict set of Ciphers and MACs can be used as a mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For OpenShift Container 
Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ 
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path 
traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. 
Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to the XNIO WorkerThread. So the WorkerThread points to the Undertow conduit, which holds the connections, and that is what causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important because it might be exploited remotely by an unauthenticated malicious user, causing a denial of service (DoS) on the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:50+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1677
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1677", "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": 
"2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": "JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1677.json" } ], "title": "Red Hat Security 
Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-11-06T15:01:17+00:00", "generator": { "date": "2024-11-06T15:01:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1677", "initial_release_date": "2024-04-04T15:22:45+00:00", "revision_history": [ { "date": "2024-04-04T15:22:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T10:53:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T15:01:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow package. 
Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, exhausting the server\u0027s memory and leading to an OutOfMemory error.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", 
"attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. 
The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. 
However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "workaround", "details": "Update to the last version and check 
that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers 
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer to the KCS[1] document to verify the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Undertow. 
This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "workaround", "details": "Mitigation for this issue is 
either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens a connection with the HTTP port of the server and then closes it immediately, the server will end up with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure.
Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:22:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing 
installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1861
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat\nEnterprise Linux 8.\n\nThis is an enhancement and security update with Important impact rating and\npackage name \u0027rh-sso7-keycloak\u0027. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.7, and includes bug fixes, security updates and\nenhancements which are linked to in the References.\n\nSecurity Fix(es):\n\n* path transversal in redirection validation (CVE-2024-1132)\n\n* org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)\n\n* Authorization Bypass (CVE-2023-6544)\n\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the 
Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1861", "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important/", "url": "https://access.redhat.com/security/updates/classification/#important/" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1861.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.8 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-07T14:22:49+00:00", "generator": { "date": "2024-11-07T14:22:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1861", "initial_release_date": 
"2024-04-16T19:55:09+00:00", "revision_history": [ { "date": "2024-04-16T19:55:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-16T19:55:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-07T14:22:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.13-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. 
This issue may have a minor impact on the integrity of the logs.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1861" } ], "scores": [ {
"cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Bastian Kanbach" ], "organization": "Secure Systems DE [bastian.kanbach@securesystems.de]" } ], "cve": "CVE-2023-6544", "cwe": { "id": "CWE-625", "name": "Permissive Regular Expression" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253116" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. 
A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Authorization Bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Due to the high complexity of this attack, Red Hat considers this a Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6544" }, { "category": "external", "summary": "RHBZ#2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6544", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", 
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "category": "workaround", "details": "No mitigation is currently available for this flaw.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Authorization Bypass" }, { "acknowledgments": [ { "names": [ "Axel Flamcourt" ] } ], "cve": "CVE-2024-1132", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. 
This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path transversal in redirection validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "category": "external", "summary": "RHBZ#2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2024-04-16T19:55:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "category": "workaround", "details": "No current mitigation is available for this vulnerability.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path transversal in redirection validation" }, { "acknowledgments": [ { "names": [ "Adriano M\u00e1rcio Monteiro" ] } ], "cve": "CVE-2024-1249", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2024-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262918" } ], "notes": [ { "category": "description", 
"text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. 
The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1249" }, { "category": "external", "summary": "RHBZ#2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1249" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "category": "workaround", "details": "Mitigation for this issue 
is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens a connection with the HTTP port of the server and then closes it immediately, the server will end up with both memory and open file limits exhausted at some point, depending on the amount of memory available.
\r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. 
However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1866
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nThis is an enhancement and security update with Important impact rating and\npackage name \u0027rh-sso7-keycloak\u0027. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.8 serves as a replacement for Red Hat Single Sign-On 7.6.7, and includes bug fixes, security updates and\nenhancements which are linked to in the References.\n\nSecurity Fix(es):\n\n* Authorization Bypass (CVE-2023-6544)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n* path transversal in redirection validation (CVE-2024-1132)\n* unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International 
License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1866", "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1866.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.8 security update", "tracking": { "current_release_date": "2024-11-07T14:22:26+00:00", "generator": { "date": "2024-11-07T14:22:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1866", "initial_release_date": "2024-04-16T20:04:32+00:00", "revision_history": [ { "date": 
"2024-04-16T20:04:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-16T20:04:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-07T14:22:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHSSO 7.6.8", "product": { "name": "RHSSO 7.6.8", "product_id": "RHSSO 7.6.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Johannes Bergmann" ], "organization": "Bosch" } ], "cve": "CVE-2023-3597", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2023-07-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2221760" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. 
This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: secondary factor bypass in step-up authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHSSO 7.6.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3597" }, { "category": "external", "summary": "RHBZ#2221760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3597" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597" } ], "release_date": "2024-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T20:04:32+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHSSO 7.6.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1866" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "RHSSO 7.6.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: secondary factor bypass in step-up authentication" }, { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHSSO 7.6.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T20:04:32+00:00", "details": "Before applying 
the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHSSO 7.6.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1866" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "RHSSO 7.6.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Bastian Kanbach" ], "organization": "Secure Systems DE [bastian.kanbach@securesystems.de]" } ], "cve": "CVE-2023-6544", "cwe": { "id": "CWE-625", "name": "Permissive Regular Expression" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253116" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. 
A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Authorization Bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Due to the high complexity of this attack, Red Hat considers this a Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHSSO 7.6.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6544" }, { "category": "external", "summary": "RHBZ#2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6544", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T20:04:32+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHSSO 7.6.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "category": "workaround", "details": "No mitigation is currently available for this flaw.", 
"product_ids": [ "RHSSO 7.6.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "RHSSO 7.6.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Authorization Bypass" }, { "acknowledgments": [ { "names": [ "Axel Flamcourt" ] } ], "cve": "CVE-2024-1132", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path transversal in redirection validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. 
For this reason, Quarkus is marked as having a Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHSSO 7.6.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "category": "external", "summary": "RHBZ#2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T20:04:32+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHSSO 7.6.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "category": "workaround", "details": "No current mitigation is available for this vulnerability.", "product_ids": [ "RHSSO 7.6.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHSSO 7.6.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path transversal in redirection validation" }, { "acknowledgments": [ { "names": [ "Adriano M\u00e1rcio Monteiro" ] } ], "cve": "CVE-2024-1249", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2024-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262918" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. 
The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHSSO 7.6.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1249" }, { "category": "external", "summary": "RHBZ#2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1249" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T20:04:32+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHSSO 7.6.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "RHSSO 7.6.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHSSO 7.6.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. 
So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHSSO 7.6.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T20:04:32+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHSSO 7.6.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "category": 
"workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "RHSSO 7.6.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHSSO 7.6.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1676
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1676", "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "JBEAP-19969", "url": "https://issues.redhat.com/browse/JBEAP-19969" }, { "category": "external", "summary": "JBEAP-26168", "url": "https://issues.redhat.com/browse/JBEAP-26168" }, { "category": "external", "summary": 
"JBEAP-26280", "url": "https://issues.redhat.com/browse/JBEAP-26280" }, { "category": "external", "summary": "JBEAP-26291", "url": "https://issues.redhat.com/browse/JBEAP-26291" }, { "category": "external", "summary": "JBEAP-26318", "url": "https://issues.redhat.com/browse/JBEAP-26318" }, { "category": "external", "summary": "JBEAP-26343", "url": "https://issues.redhat.com/browse/JBEAP-26343" }, { "category": "external", "summary": "JBEAP-26355", "url": "https://issues.redhat.com/browse/JBEAP-26355" }, { "category": "external", "summary": "JBEAP-26414", "url": "https://issues.redhat.com/browse/JBEAP-26414" }, { "category": "external", "summary": "JBEAP-26467", "url": "https://issues.redhat.com/browse/JBEAP-26467" }, { "category": "external", "summary": "JBEAP-26533", "url": "https://issues.redhat.com/browse/JBEAP-26533" }, { "category": "external", "summary": "JBEAP-26552", "url": "https://issues.redhat.com/browse/JBEAP-26552" }, { "category": "external", "summary": "JBEAP-26587", "url": "https://issues.redhat.com/browse/JBEAP-26587" }, { "category": "external", "summary": "JBEAP-26616", "url": "https://issues.redhat.com/browse/JBEAP-26616" }, { "category": "external", "summary": "JBEAP-26617", "url": "https://issues.redhat.com/browse/JBEAP-26617" }, { "category": "external", "summary": "JBEAP-26636", "url": "https://issues.redhat.com/browse/JBEAP-26636" }, { "category": "external", "summary": "JBEAP-26660", "url": "https://issues.redhat.com/browse/JBEAP-26660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1676.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update", "tracking": { "current_release_date": "2024-11-06T15:01:06+00:00", "generator": { "date": "2024-11-06T15:01:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1676", "initial_release_date": 
"2024-04-04T15:23:45+00:00", "revision_history": [ { "date": "2024-04-04T15:23:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-04T15:23:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T15:01:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { 
"category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_id": 
"eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": 
"eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": 
"eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": 
"eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": 
"eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": 
"eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": 
"eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": 
"eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": 
"eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch" } } } ], "category": "architecture", "name": 
"noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 
7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": 
"eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", 
"full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": 
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": 
"eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": 
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 
for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { 
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src" }, "product_reference": 
"eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": 
"default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": 
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 
9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src" }, "product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", 
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": 
"eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1973", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185662" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutOfMemory error, exhausting the server\u0027s memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: unrestricted request storage leads to memory exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "category": "external", "summary": "RHBZ#2185662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1973" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: unrestricted request storage leads to memory exhaustion" }, { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. 
However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": 
"external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "workaround", "details": "Update to the latest version and check that both client and server provide the kex pseudo-algorithms indicating use of the updated version of the protocol, which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting the OpenSSH server.\n\nOne can verify that the changes are in effect by ensuring the ciphers and HMACs listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor 
RHEL-7: \nWe recommend using strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nThe strict set of Ciphers and MACs below can be used as a mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For OpenShift Container Platform 4:\nPlease refer to the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "AAIB IT Unix Team" ] } ], "cve": "CVE-2024-1459", "cwe": { "id": "CWE-24", "name": "Path Traversal: \u0027../filedir\u0027" }, "discovery_date": "2024-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2259475" } ], "notes": [ { "category": "description", "text": "A path traversal 
vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2024-1459" }, { "category": "external", "summary": "RHBZ#2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" } ], "release_date": "2024-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: directory traversal vulnerability" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. 
Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-04T15:23:45+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. 
However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src" ] } ], "threats": [ { 
"category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1864
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new image is available for Red Hat Single Sign-On 7.6.8, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nThis is an enhancement and security update with Important impact rating and\npackage name \u0027rh-sso7-keycloak\u0027. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. 
You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\nSecurity Fix(es):\n\n* Authorization Bypass (CVE-2023-6544)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n* path transversal in redirection validation (CVE-2024-1132)\n* unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.8 for\nuse within the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1864", "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1864.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.8 for OpenShift image enhancement and security update", "tracking": { "current_release_date": "2024-11-07T14:23:01+00:00", "generator": { "date": "2024-11-07T14:23:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1864", "initial_release_date": "2024-04-16T19:54:17+00:00", "revision_history": [ { "date": "2024-04-16T19:54:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-16T19:54:17+00:00", "number": "2", "summary": 
"Last updated version" }, { "date": "2024-11-07T14:23:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Middleware Containers for OpenShift", "product": { "name": "Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhosemc:1.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-46" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-46" } } } ], "category": 
"architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-46" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64 as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { 
"category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le", "relates_to_product_reference": "8Base-RHOSE-Middleware" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. 
This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:54:17+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.8 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. 
Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.8.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.8 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1864" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", 
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Bastian Kanbach" ], "organization": "Secure Systems DE [bastian.kanbach@securesystems.de]" } ], "cve": "CVE-2023-6544", "cwe": { "id": "CWE-625", "name": "Permissive Regular Expression" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253116" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Authorization Bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Due to the high complexity of this attack, Red Hat considers this a Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", 
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6544" }, { "category": "external", "summary": "RHBZ#2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6544", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:54:17+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.8 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.8.GA/templates/${resource}\ndone\n\n3. 
Install the Red Hat Single Sign-On 7.6.8 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "category": "workaround", "details": "No mitigation is currently available for this flaw.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", 
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Authorization Bypass" }, { "acknowledgments": [ { "names": [ "Axel Flamcourt" ] } ], "cve": "CVE-2024-1132", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path transversal in redirection validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. 
For this reason, Quarkus is marked as having a Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "category": "external", "summary": "RHBZ#2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:54:17+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.8 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. 
Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.8.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.8 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "category": "workaround", "details": "No current mitigation is available for this vulnerability.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": 
"HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path transversal in redirection validation" }, { "acknowledgments": [ { "names": [ "Adriano M\u00e1rcio Monteiro" ] } ], "cve": "CVE-2024-1249", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2024-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262918" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. 
Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1249" }, { "category": "external", "summary": "RHBZ#2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1249" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:54:17+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.8 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. 
On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.8.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.8 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", 
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. 
\r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] }, "references": [ { "category": "self", 
"summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:54:17+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.8 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.8.GA/templates/${resource}\ndone\n\n3. 
Install the Red Hat Single Sign-On 7.6.8 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1909db8bc47fdb4f6512e08fb21ec1457f64fa0abf8edf2530f5bf5a494d9b6d_amd64", 
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1f842e8f262ece6cd98941fd29562251e19479eb4f4ba7cbd8e9a3bfa79325f0_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:b666f093f22ef27811114cca95c20aed890d4f3342116ab990d084cb2627d8cf_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1860
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 7.\n\nThis is an enhancement and security update with Important impact rating and package name \u0027rh-sso7-keycloak\u0027. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.7, and includes bug fixes, security updates and\nenhancements which are linked to in the References.\n\nSecurity Fix(es):\n\n* Authorization Bypass (CVE-2023-6544)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n* path transversal in redirection validation (CVE-2024-1132)\n* unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International 
License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1860", "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1860.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.8 enhancement and security update on RHEL 7", "tracking": { "current_release_date": "2024-11-07T14:22:13+00:00", "generator": { "date": "2024-11-07T14:22:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1860", "initial_release_date": "2024-04-16T19:55:02+00:00", "revision_history": [ { 
"date": "2024-04-16T19:55:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-16T19:55:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-07T14:22:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.13-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": 
"architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. 
This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:02+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, 
"url": "https://access.redhat.com/errata/RHSA-2024:1860" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Bastian Kanbach" ], "organization": "Secure Systems DE [bastian.kanbach@securesystems.de]" } ], "cve": "CVE-2023-6544", "cwe": { "id": "CWE-625", "name": "Permissive Regular Expression" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253116" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. 
A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Authorization Bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Due to the high complexity of this attack, Red Hat considers this a Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6544" }, { "category": "external", "summary": "RHBZ#2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6544", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:02+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ 
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "category": "workaround", "details": "No mitigation is currently available for this flaw.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Authorization Bypass" }, { "acknowledgments": [ { "names": [ "Axel Flamcourt" ] } ], "cve": "CVE-2024-1132", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. 
This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path transversal in redirection validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "category": "external", "summary": "RHBZ#2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2024-04-16T19:55:02+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "category": "workaround", "details": "No current mitigation is available for this vulnerability.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path transversal in redirection validation" }, { "acknowledgments": [ { "names": [ "Adriano M\u00e1rcio Monteiro" ] } ], "cve": "CVE-2024-1249", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2024-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat 
Bugzilla ID", "text": "2262918" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. 
The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1249" }, { "category": "external", "summary": "RHBZ#2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1249" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:02+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2024:1860" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. 
Whenever a malicious user opens a connection with the HTTP port of the server and then closes the connection immediately, the server will eventually end up with both memory and open file limits exhausted, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", 
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:02+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. 
However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
rhsa-2024_1862
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat\nEnterprise Linux 9.\n\nThis is an enhancement and security update with Important impact rating and\npackage name \u0027rh-sso7-keycloak\u0027. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.8 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.7, and includes bug fixes, security updates and\nenhancements which are linked to in the References.\nSecurity Fix(es):\n\n* Authorization Bypass (CVE-2023-6544)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n* path transversal in redirection validation (CVE-2024-1132)\n* unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 
International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1862", "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1862.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.8 security update on RHEL 9", "tracking": { "current_release_date": "2024-11-07T14:22:00+00:00", "generator": { "date": "2024-11-07T14:22:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1862", "initial_release_date": "2024-04-16T19:55:19+00:00", "revision_history": [ { 
"date": "2024-04-16T19:55:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-16T19:55:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-07T14:22:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.13-1.redhat_00001.1.el9sso?arch=noarch" } } } ], "category": "architecture", 
"name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. 
This issue may have a minor impact on the integrity of the logs.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:19+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2024:1862" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Bastian Kanbach" ], "organization": "Secure Systems DE [bastian.kanbach@securesystems.de]" } ], "cve": "CVE-2023-6544", "cwe": { "id": "CWE-625", "name": "Permissive Regular Expression" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253116" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. 
A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Authorization Bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Due to the high complexity of this attack, Red Hat considers this a Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6544" }, { "category": "external", "summary": "RHBZ#2253116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6544", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:19+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ 
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "category": "workaround", "details": "No mitigation is currently available for this flaw.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Authorization Bypass" }, { "acknowledgments": [ { "names": [ "Axel Flamcourt" ] } ], "cve": "CVE-2024-1132", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. 
This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path transversal in redirection validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "category": "external", "summary": "RHBZ#2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2024-04-16T19:55:19+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "category": "workaround", "details": "No current mitigation is available for this vulnerability.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path transversal in redirection validation" }, { "acknowledgments": [ { "names": [ "Adriano M\u00e1rcio Monteiro" ] } ], "cve": "CVE-2024-1249", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2024-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", 
"text": "2262918" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. 
The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1249" }, { "category": "external", "summary": "RHBZ#2262918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1249" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:19+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { 
"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS" }, { "cve": "CVE-2024-1635", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264928" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. 
Whenever a malicious user opens a connection with the HTTP port of the server and then closes the connection immediately, the server will end up with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", 
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "category": "external", "summary": "RHBZ#2264928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" } ], "release_date": "2023-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-16T19:55:19+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. 
However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.13-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol" } ] }
wid-sec-w-2024-0869
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0869 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json" }, { "category": "self", "summary": "WID-SEC-2024-0869 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16", "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18", "url": 
"https://access.redhat.com/errata/RHSA-2024:1878" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04", "url": "https://security.gentoo.org/glsa/202405-01" } ], "source_lang": "en-US", "title": "Oracle Communications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-05T22:00:00.000+00:00", "generator": { "date": "2024-05-06T08:33:02.513+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0869", "initial_release_date": "2024-04-16T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-04-17T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-05T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Gentoo aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "5", "product": { "name": "Oracle Communications 5.0", "product_id": "T021645", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.0" } } }, { "category": "product_version", "name": "22.4.0", "product": { "name": "Oracle Communications 22.4.0", "product_id": "T024981", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:22.4.0" } } }, { "category": "product_version", "name": "23.1.0", "product": { "name": "Oracle Communications 23.1.0", "product_id": "T027326", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.1.0" } } }, { "category": "product_version", "name": "23.2.0", "product": { "name": "Oracle Communications 23.2.0", 
"product_id": "T028682", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.2.0" } } }, { "category": "product_version", "name": "5.1", "product": { "name": "Oracle Communications 5.1", "product_id": "T028684", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.1" } } }, { "category": "product_version", "name": "23.2.2", "product": { "name": "Oracle Communications 23.2.2", "product_id": "T030583", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.2.2" } } }, { "category": "product_version", "name": "23.3.0", "product": { "name": "Oracle Communications 23.3.0", "product_id": "T030586", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.0" } } }, { "category": "product_version", "name": "9.0.0.0", "product": { "name": "Oracle Communications 9.0.0.0", "product_id": "T030589", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.0.0.0" } } }, { "category": "product_version_range", "name": "\u003c=7.2.1.0.0", "product": { "name": "Oracle Communications \u003c=7.2.1.0.0", "product_id": "T030593", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:7.2.1.0.0" } } }, { "category": "product_version_range", "name": "\u003c=9.0.2", "product": { "name": "Oracle Communications \u003c=9.0.2", "product_id": "T030595", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.0.2" } } }, { "category": "product_version", "name": "23.3.1", "product": { "name": "Oracle Communications 23.3.1", "product_id": "T032088", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.1" } } }, { "category": "product_version", "name": "23.4.0", "product": { "name": "Oracle Communications 23.4.0", "product_id": "T032091", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.4.0" } } }, { "category": "product_version", "name": "23.4.1", "product": { "name": "Oracle Communications 23.4.1", "product_id": 
"T034143", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.4.1" } } }, { "category": "product_version_range", "name": "\u003c=23.4.2", "product": { "name": "Oracle Communications \u003c=23.4.2", "product_id": "T034144", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.4.2" } } }, { "category": "product_version", "name": "24.1.0", "product": { "name": "Oracle Communications 24.1.0", "product_id": "T034145", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:24.1.0" } } }, { "category": "product_version", "name": "5.2", "product": { "name": "Oracle Communications 5.2", "product_id": "T034146", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.2" } } }, { "category": "product_version", "name": "24.1.0.0.0", "product": { "name": "Oracle Communications 24.1.0.0.0", "product_id": "T034147", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:24.1.0.0.0" } } }, { "category": "product_version", "name": "23.3.2", "product": { "name": "Oracle Communications 23.3.2", "product_id": "T034148", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.2" } } }, { "category": "product_version", "name": "14.0.0.0.0", "product": { "name": "Oracle Communications 14.0.0.0.0", "product_id": "T034149", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:14.0.0.0.0" } } }, { "category": "product_version", "name": "9.1.1.7.0", "product": { "name": "Oracle Communications 9.1.1.7.0", "product_id": "T034150", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.1.1.7.0" } } } ], "category": "product_name", "name": "Communications" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], 
"category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40896", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. 
Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-40896" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2023-2283", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-2283" }, { "cve": "CVE-2023-31122", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-31122" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-34053", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-34053" }, { "cve": "CVE-2023-34055", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-34055" }, { "cve": "CVE-2023-4016", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4016" }, { "cve": "CVE-2023-41056", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-41056" }, { "cve": "CVE-2023-43496", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-43496" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45142", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-45142" }, { "cve": "CVE-2023-4641", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4641" }, { "cve": "CVE-2023-46589", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-46589" }, { "cve": "CVE-2023-47100", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-47100" }, { "cve": "CVE-2023-4863", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4863" }, { "cve": "CVE-2023-48795", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-48795" }, { "cve": "CVE-2023-49083", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-49083" }, { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2023-51074", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-51074" }, { "cve": "CVE-2023-51257", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-51257" }, { "cve": "CVE-2023-51775", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-51775" }, { "cve": "CVE-2023-5341", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-5341" }, { "cve": "CVE-2023-5363", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-5363" }, { "cve": "CVE-2023-6507", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-6507" }, { "cve": "CVE-2024-1635", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-1635" }, { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-21626" }, { "cve": "CVE-2024-22201", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22201" }, { "cve": "CVE-2024-22233", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22233" }, { "cve": "CVE-2024-22257", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." 
} ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22257" }, { "cve": "CVE-2024-22259", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22259" }, { "cve": "CVE-2024-25062", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. 
Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-25062" }, { "cve": "CVE-2024-26130", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. 
Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-26130" }, { "cve": "CVE-2024-26308", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-26308" } ] }
wid-sec-w-2024-0910
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Single Sign-On ist ein eigenst\u00e4ndiger Server, basierend auf dem Keycloak Projekt.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Single Sign On ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, DDoS-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0910 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0910.json" }, { "category": "self", "summary": "WID-SEC-2024-0910 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0910" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-04-16", "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-04-16", "url": 
"https://access.redhat.com/errata/RHSA-2024:1861" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-04-16", "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-04-16", "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-04-16", "url": "https://access.redhat.com/errata/RHSA-2024:1865" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-04-16", "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3762 vom 2024-06-10", "url": "https://access.redhat.com/errata/RHSA-2024:3762" }, { "category": "external", "summary": "RedHat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "source_lang": "en-US", "title": "Red Hat Single Sign On: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen", "tracking": { "current_release_date": "2024-06-13T22:00:00.000+00:00", "generator": { "date": "2024-06-14T08:08:29.078+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0910", "initial_release_date": "2024-04-16T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-06-10T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-13T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", 
"name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "T035142", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_version_range", "name": "\u003c7.6.8", "product": { "name": "Red Hat Single Sign On \u003c7.6.8", "product_id": "T034268", "product_identification_helper": { "cpe": "cpe:/a:redhat:single_sign_on:7.6.8" } } } ], "category": "product_name", "name": "Single Sign On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-6484", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Single Sign On. Diese Fehler bestehen in der Undertow-Komponente und im Keycloak-Paket aufgrund eines Out-of-Memory-, eines Pfad-Traversal- und eines permissiven regul\u00e4ren Ausdrucks, der f\u00fcr Filterungsprobleme hardcodiert wurde. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, DDoS-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "67646", "T035142" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-6484" }, { "cve": "CVE-2023-6544", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Single Sign On. Diese Fehler bestehen in der Undertow-Komponente und im Keycloak-Paket aufgrund eines Out-of-Memory-, eines Pfad-Traversal- und eines permissiven regul\u00e4ren Ausdrucks, der f\u00fcr Filterungsprobleme hardcodiert wurde. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, DDoS-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "67646", "T035142" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-6544" }, { "cve": "CVE-2024-1132", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Single Sign On. Diese Fehler bestehen in der Undertow-Komponente und im Keycloak-Paket aufgrund eines Out-of-Memory-, eines Pfad-Traversal- und eines permissiven regul\u00e4ren Ausdrucks, der f\u00fcr Filterungsprobleme hardcodiert wurde. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, DDoS-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "67646", "T035142" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-1132" }, { "cve": "CVE-2024-1249", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Single Sign On. Diese Fehler bestehen in der Undertow-Komponente und im Keycloak-Paket aufgrund eines Out-of-Memory-, eines Pfad-Traversal- und eines permissiven regul\u00e4ren Ausdrucks, der f\u00fcr Filterungsprobleme hardcodiert wurde. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, DDoS-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren." 
} ], "product_status": { "known_affected": [ "67646", "T035142" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-1249" }, { "cve": "CVE-2024-1635", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Single Sign On. Diese Fehler bestehen in der Undertow-Komponente und im Keycloak-Paket aufgrund eines Out-of-Memory-, eines Pfad-Traversal- und eines permissiven regul\u00e4ren Ausdrucks, der f\u00fcr Filterungsprobleme hardcodiert wurde. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, DDoS-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "67646", "T035142" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-1635" } ] }
ghsa-w6qf-42m7-vh68
Vulnerability from github
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens a connection to the HTTP port of the server and then closes it immediately, the connection is leaked, and the server will eventually end up with both its memory and open-file limits exhausted, at a point that depends on the amount of memory available.
At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
Per the advisory's affected ranges (listed in the JSON record that follows), io.undertow:undertow-core is affected before 2.2.31.Final and from 2.3.0.Final up to, but not including, 2.3.12.Final; 2.2.31.Final and 2.3.12.Final are the fixed releases.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "2.3.0.Final" }, { "fixed": "2.3.12.Final" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.2.31.Final" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-1635" ], "database_specific": { "cwe_ids": [ "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2024-09-16T21:22:33Z", "nvd_published_at": "2024-02-19T22:15:48Z", "severity": "HIGH" }, "details": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \n\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. 
So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "id": "GHSA-w6qf-42m7-vh68", "modified": "2024-09-16T21:22:33Z", "published": "2024-02-20T00:30:36Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/3cdb104e225f34547ce9fd6eb8799eb68e040f19" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/7d388c5aae9b82afb63f24e3b6a2044838dfb4de" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "type": "PACKAGE", "url": "https://github.com/undertow-io/undertow" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20240322-0007" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "Undertow Uncontrolled Resource Consumption Vulnerability" }
gsd-2024-1635
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-1635" ], "details": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. 
So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.", "id": "GSD-2024-1635", "modified": "2024-02-20T06:02:28.028758Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2024-1635", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EAP 7.4.16", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el7sso", "versionType": "rpm" } ] } } ] } }, { 
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el8sso", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el9sso", "versionType": "rpm" } ] } } ] } }, { "product_name": "RHEL-8 based Middleware Containers", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7.6-46", "versionType": "rpm" } ] } } ] } }, { "product_name": "RHSSO 7.6.8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "OpenShift Serverless", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat build of Apache Camel 4.0 for Spring Boot", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat build of Apache Camel for Quarkus", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat build of Apache Camel for Spring Boot", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Build of Keycloak", 
"version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat build of OptaPlanner 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat build of Quarkus", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Data Grid 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Integration Camel K", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Integration Camel Quarkus", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Integration Service Registry", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat JBoss A-MQ Streams", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat JBoss Data Grid 7", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat JBoss Enterprise Application Platform 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat JBoss Fuse 7", "version": { "version_data": [ { "version_value": "not down converted", 
"x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat JBoss Fuse Service Works 6", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Process Automation 7", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak." 
} ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-400", "lang": "eng", "value": "Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://access.redhat.com/errata/RHSA-2024:1674", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1675", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1676", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1677", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1860", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1861", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1862", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1864", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1866", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "name": "https://access.redhat.com/security/cve/CVE-2024-1635", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" 
}, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "name": "https://security.netapp.com/advisory/ntap-20240322-0007/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20240322-0007/" } ] }, "work_around": [ { "lang": "en", "value": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact." } ] }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Undertow. Esta vulnerabilidad afecta a un servidor que admite el protocolo wildfly-http-client. 
Siempre que un usuario malintencionado abre y cierra una conexi\u00f3n con el puerto HTTP del servidor y luego cierra la conexi\u00f3n inmediatamente, el servidor finalizar\u00e1 con los l\u00edmites de memoria y de archivos abiertos agotados en alg\u00fan momento, dependiendo de la cantidad de memoria disponible. En la actualizaci\u00f3n HTTP a comunicaci\u00f3n remota, WriteTimeoutStreamSinkConduit pierde conexiones si RemotingConnection se cierra mediante Remoting ServerConnectionOpenListener. Debido a que la conexi\u00f3n remota se origina en Undertow como parte de la actualizaci\u00f3n HTTP, existe una capa externa a la conexi\u00f3n remota. Esta conexi\u00f3n desconoce la capa m\u00e1s externa al cerrar la conexi\u00f3n durante el procedimiento de apertura de la conexi\u00f3n. Por lo tanto, Undertow WriteTimeoutStreamSinkConduit no recibe notificaci\u00f3n de la conexi\u00f3n cerrada en este escenario. Debido a que WriteTimeoutStreamSinkConduit crea una tarea de tiempo de espera, todo el \u00e1rbol de dependencia se filtra a trav\u00e9s de esa tarea, que se agrega a XNIO WorkerThread. Entonces, el hilo de trabajo apunta al conducto Undertow, que contiene las conexiones y causa la fuga." 
} ], "id": "CVE-2024-1635", "lastModified": "2024-04-17T16:15:07.720", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" } ] }, "published": "2024-02-19T22:15:48.647", "references": [ { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20240322-0007/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "secalert@redhat.com", "type": "Primary" } ] 
} } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.