fkie_nvd - fkie_cve-2023-3171

FKIE_CVE-2023-3171

Vulnerability from fkie_nvd - Published: 2023-12-27 16:15 - Updated: 2024-11-21 08:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:5484	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:5485	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:5486	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:5488	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-3171	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2213639	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2023:5484	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2023:5485	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2023:5486	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2023:5488	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-3171	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2213639	Issue Tracking

Impacted products

Vendor	Product	Version
redhat	jboss_enterprise_application_platform	7.4
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	jboss_enterprise_application_platform	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "645A908C-18C2-4AB1-ACE7-3969E3A552A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
              "matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en EAP-7 durante la deserializaci\u00f3n de ciertas clases, lo que permite la creaci\u00f3n de instancias de HashMap y HashTable sin verificar los recursos consumidos. Este problema podr\u00eda permitir que un atacante env\u00ede solicitudes maliciosas utilizando estas clases, lo que eventualmente podr\u00eda agotar el mont\u00f3n y provocar una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2023-3171",
  "lastModified": "2024-11-21T08:16:37.137",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-27T16:15:13.103",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5484"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5485"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5486"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5488"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-3171"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:5488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-3171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-789"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-3171 (GCVE-0-2023-3171)

Vulnerability from cvelistv5 – Published: 2023-12-27 15:45 – Updated: 2024-08-02 06:48

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-789 - Memory Allocation with Excessive Size Value

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2023:5484	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:5485	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:5486	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:5488	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-3171	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2213639	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

EAP 7.4.13

cpe:/a:redhat:jboss_enterprise_application_platform:7.4

Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.16.0-15.redhat_00049.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.76.0-4.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:3.3.19-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:5.3.31-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.5.15-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.0.13-2.SP1_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.12.2-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.10.0-31.Final_redhat_00030.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:3.8.10-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.4.5-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:4.1.94-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:4.1.94-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:3.15.8-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.2.26-1.SP1_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:7.4.13-8.GA_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.15.20-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.16.0-15.redhat_00049.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.76.0-4.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:3.3.19-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:5.3.31-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.5.15-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.0.13-2.SP1_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.12.2-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.10.0-31.Final_redhat_00030.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:3.8.10-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.4.5-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:4.1.94-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:4.1.94-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:3.15.8-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.2.26-1.SP1_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:7.4.13-8.GA_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.15.20-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.16.0-15.redhat_00049.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.76.0-4.redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:3.3.19-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:5.3.31-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.5.15-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.0.13-2.SP1_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.12.2-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.10.0-31.Final_redhat_00030.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:3.8.10-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.4.5-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:4.1.94-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:4.1.94-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:3.15.8-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.2.26-1.SP1_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:7.4.13-8.GA_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.15.20-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:5484",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5484"
          },
          {
            "name": "RHSA-2023:5485",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5485"
          },
          {
            "name": "RHSA-2023:5486",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5486"
          },
          {
            "name": "RHSA-2023:5488",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5488"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3171"
          },
          {
            "name": "RHBZ#2213639",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "server",
          "product": "EAP 7.4.13",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-15.redhat_00049.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.76.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.19-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.31-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.15-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-marshalling",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.13-2.SP1_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-modules",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.2-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-31.Final_redhat_00030.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-xnio-base",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.10-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-mod_cluster",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.5-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.94-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty-transport-native-epoll",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.94-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-resteasy",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.15.8-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.26-1.SP1_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.13-8.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.20-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-15.redhat_00049.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.76.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.19-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.31-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.15-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-marshalling",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.13-2.SP1_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-modules",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.2-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-31.Final_redhat_00030.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-xnio-base",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.10-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-mod_cluster",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.5-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.94-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty-transport-native-epoll",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.94-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-resteasy",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.15.8-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.26-1.SP1_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.13-8.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.20-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-15.redhat_00049.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.76.0-4.redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.19-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.31-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.15-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-marshalling",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.13-2.SP1_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-modules",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.2-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-31.Final_redhat_00030.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-xnio-base",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.10-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-mod_cluster",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.5-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.94-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty-transport-native-epoll",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.94-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-resteasy",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.15.8-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.26-1.SP1_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.13-8.GA_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.20-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-10-05T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T15:32:36.759Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:5484",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5484"
        },
        {
          "name": "RHSA-2023:5485",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5485"
        },
        {
          "name": "RHSA-2023:5486",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        },
        {
          "name": "RHSA-2023:5488",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3171"
        },
        {
          "name": "RHBZ#2213639",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-20T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-05T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Eap-7: heap exhaustion via deserialization",
      "x_redhatCweChain": "CWE-789: Memory Allocation with Excessive Size Value"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3171",
    "datePublished": "2023-12-27T15:45:33.293Z",
    "dateReserved": "2023-06-08T19:52:58.072Z",
    "dateUpdated": "2024-08-02T06:48:08.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2023-3171

CVE-2023-3171 (GCVE-0-2023-3171)

Tags

Sightings

Nomenclature