rhea-2023_7327
Vulnerability from csaf_redhat
Published
2023-11-16 12:15
Modified
2024-09-18 19:47
Summary
Red Hat Enhancement Advisory: Red Hat 3scale API Management 2.13.7 Release - Container Images
Notes
Topic
Red Hat 3scale API Management 2.13.7 Release - Container Images
Details
Release of 3scale API Management components provides these changes:
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat 3scale API Management 2.13.7 Release - Container Images", "title": "Topic" }, { "category": "general", "text": "Release of 3scale API Management components provides these changes:", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2023:7327", "url": "https://access.redhat.com/errata/RHEA-2023:7327" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhea-2023_7327.json" } ], "title": "Red Hat Enhancement Advisory: Red Hat 3scale API Management 2.13.7 Release - Container Images", "tracking": { "current_release_date": "2024-09-18T19:47:21+00:00", "generator": { "date": "2024-09-18T19:47:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHEA-2023:7327", "initial_release_date": "2023-11-16T12:15:55+00:00", "revision_history": [ { "date": "2023-11-16T12:15:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-16T12:15:55+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T19:47:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat 3Scale 2.13", "product": { "name": "Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:3scale:2.13::el8" } } }, { "category": "product_name", "name": "Red Hat 3Scale 2.13", "product": { "name": "Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:3scale:2.13::el7" } } } ], "category": "product_family", "name": "3scale API Management" }, { "branches": [ { "category": "product_version", "name": "3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "product": { "name": "3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "product_id": "3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "product_identification_helper": { "purl": "pkg:oci/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "product": { "name": "3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "product_id": "3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "product_identification_helper": { "purl": "pkg:oci/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/backend-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "product": { "name": "3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "product_id": "3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "product_identification_helper": { "purl": "pkg:oci/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/memcached-rhel7\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "product": { "name": "3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "product_id": "3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "product_identification_helper": { "purl": "pkg:oci/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/system-rhel7\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x", "product": { "name": "3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x", "product_id": "3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x", "product_identification_helper": { "purl": "pkg:oci/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/zync-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "product": { "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "product_identification_helper": { "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "product": { "name": "3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "product_identification_helper": { "purl": "pkg:oci/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "product": { "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "product_identification_helper": { "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "product": { "name": "3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "product_identification_helper": { "purl": "pkg:oci/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "product": { "name": "3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "product_id": "3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "product_identification_helper": { "purl": "pkg:oci/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0?arch=s390x\u0026repository_url=registry.redhat.io/3scale-amp2/toolbox-rhel8\u0026tag=3scale2.13.7" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "product": { "name": "3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "product_id": "3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "product": { "name": "3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "product_id": "3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/backend-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "product": { "name": "3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "product_id": "3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/memcached-rhel7\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "product": { "name": "3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "product_id": "3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/system-rhel7\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "product": { "name": "3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "product_id": "3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/zync-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "product": { "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "product_identification_helper": { "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "product": { "name": "3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "product_identification_helper": { "purl": "pkg:oci/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "product": { "name": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "product_id": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-auth-wasm-rhel8\u0026tag=3scale2.13.6" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "product": { "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "product": { "name": "3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "product_identification_helper": { "purl": "pkg:oci/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "product": { "name": "3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "product_id": "3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/toolbox-rhel8\u0026tag=3scale2.13.7" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "product": { "name": "3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "product_id": "3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "product_identification_helper": { "purl": "pkg:oci/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "product": { "name": "3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "product_id": "3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "product_identification_helper": { "purl": "pkg:oci/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/backend-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "product": { "name": "3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "product_id": "3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "product_identification_helper": { "purl": "pkg:oci/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/memcached-rhel7\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "product": { "name": "3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "product_id": "3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "product_identification_helper": { "purl": "pkg:oci/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/system-rhel7\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "product": { "name": "3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "product_id": "3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "product_identification_helper": { "purl": "pkg:oci/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/zync-rhel8\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "product": { "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "product_identification_helper": { "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "product": { "name": "3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "product_identification_helper": { "purl": "pkg:oci/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "product": { "name": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "product_id": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "product_identification_helper": { "purl": "pkg:oci/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-auth-wasm-rhel8\u0026tag=3scale2.13.6" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "product": { "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "product_identification_helper": { "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64", "product": { "name": "3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64", "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64", "product_identification_helper": { "purl": "pkg:oci/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=3scale2.13.7" } } }, { "category": "product_version", "name": "3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "product": { "name": "3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "product_id": "3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "product_identification_helper": { "purl": "pkg:oci/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/toolbox-rhel8\u0026tag=3scale2.13.7" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64" }, "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le" }, "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x" }, "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x" }, "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le" }, "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64" }, "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le" }, "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64" }, "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x" }, "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64" }, "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le" }, "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x" }, "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le" }, "product_reference": "3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64" }, "product_reference": "3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x" }, "product_reference": "3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64" }, "product_reference": "3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x" }, "product_reference": "3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le" }, "product_reference": "3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "relates_to_product_reference": "7Server-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64" }, "product_reference": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le" }, "product_reference": "3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x" }, "product_reference": "3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le" }, "product_reference": "3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64" }, "product_reference": "3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le" }, "product_reference": "3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x" }, "product_reference": "3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64" }, "product_reference": "3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le" }, "product_reference": "3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x" }, "product_reference": "3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64" }, "product_reference": "3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64 as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64" }, "product_reference": "3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le" }, "product_reference": "3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "relates_to_product_reference": "8Base-3SCALE-2.13" }, { "category": "default_component_of", "full_product_name": { "name": "3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x as a component of Red Hat 3Scale 2.13", "product_id": "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x" }, "product_reference": "3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x", "relates_to_product_reference": "8Base-3SCALE-2.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64" ], "known_not_affected": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.13/html-single/installing_3scale/index", "product_ids": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2023:7327" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64" ], "known_not_affected": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.13/html-single/installing_3scale/index", "product_ids": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2023:7327" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:352ab243649889842cf0f326cd4fce1868cfa57eb544f553eea8a6cdd6cb4d3e_amd64", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7640944214f9431f5783368d7c9a5a25fcb1b1c897755c07872138a5bf5ec6f7_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator-metadata@sha256:7f09c8239d22e839a201e2baa598ded32f15f66b2736d51159c4c3710d34b472_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:6da016547c24d2c1e044ae8f6639da6a2975792583501d4fd7d9839935941739_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:868ecb3ffa5a83b3eda3f7f4ba31dad0e57e97b857b657a46c8bbdfa69a27922_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator-metadata@sha256:cb9e6381aa2b748a0ca7d6a90de784bfded5a57e0446df6b217b9b5112dfa9bc_s390x", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:4975248f24d7a5bb414729f66d98957cdac23cabefb1b6b8b60bc50d5e4a4ec7_amd64", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:89b3c616730f3d88082e44fd9008c8c58dc85f7e3e55cf6817efc406e37fd861_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/apicast-rhel7-operator@sha256:f6b3e65a3acfdd12f3c091deecd95b86932ad1a0174d303a05fecca54c1cbc70_s390x", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:92320cd96dfb3e5279825f6a019c8c3c6d365252474dc4fe1ec9196d7e9d579f_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e42b92c87ce020174445ebb0d506dfff90da15c6710a2a1a046a61ad39052b90_amd64", "7Server-3SCALE-2.13:3scale-amp2/memcached-rhel7@sha256:e66fe95ce5d29279dba41959c86a6c1c19d6e69cc4198bb1a6c994fbab47b009_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:18bdf176bc553ddf16c6738159c57b78b081ab646a051c130814cc84fcb3367f_amd64", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:e1ac0bd8d5178e30712cb9a1e88874a8c2093d562fa44bbf80ec131ae30a4e71_s390x", "7Server-3SCALE-2.13:3scale-amp2/system-rhel7@sha256:f42d5705204ffbdbd3d72764d3a69008cad4b2384d630a44d5f700cdbba24a88_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:6482676ba77f470ff671ac523674e86a609cfa064b59edeba84f5431423fba8d_amd64", "8Base-3SCALE-2.13:3scale-amp2/3scale-auth-wasm-rhel8@sha256:a3641417e69305f6aaffe22459879e0c550eabd5d814d19896a417a1aabb4c9f_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:8b98559a9d68b7169664db60c8e492cdf3319771bcffafbd50468e93cfef9cfe_s390x", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:c352f6912a4e54bfe725360994674b4ce8a815777db7d3554b6634e341d1ed5a_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/apicast-gateway-rhel8@sha256:d8cc91c649553c49e0da15f7ab7466be2e78ef3e00c2a7b743f69c1891b75dd5_amd64", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:081ef7a49e91fd6a88a89e3d5c61f47f59658a3688635dc9680e7182f5af74c5_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:3f67636d93ed7e1a5fd0ae3a9bc41e0ca4b80180d40638ffc9fc11e682740bfc_s390x", "8Base-3SCALE-2.13:3scale-amp2/backend-rhel8@sha256:e18b80f1a9a2282f7073c91c4f17fb4e24aa4cf95dd17fe384f61fd844a0f48b_amd64", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:31b55a31c944120649adef59b3ed41ebb252acff454fafe9dd5bf5990abf7d1b_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:480e758bf61a1c77545daa8d078bf1f26ccfd5153723ea6e1159e61e5f11a5d0_s390x", "8Base-3SCALE-2.13:3scale-amp2/toolbox-rhel8@sha256:4c3dc23845a2a2a4428e1d3c92f8154d6af74a4cd3b85770c7de41dc6cfe8432_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:13b6435c608b33a410e9766729a16f72b266158f5b176640cc8c8b46d5fd8987_amd64", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:4e785267cfbe9e1bd7bb819606796cd6b7d1765bf6450870e66ef5a4e7e1fbb0_ppc64le", "8Base-3SCALE-2.13:3scale-amp2/zync-rhel8@sha256:eaa567f706c71f6351d4db8434094d5cf1e89c0c8aa2abee66734bf1225929f4_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:bde9ba77661146621d353e6d0827060292c72b8542ae8fd5d3790411a823c639_s390x", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:cb57b7338561b5e2c18759726847e33a164f95440b9e5682654638297d5c5f69_ppc64le", "7Server-3SCALE-2.13:3scale-amp2/3scale-rhel7-operator@sha256:f4508a6fffd3e604942e0e12239707e05cc5657765c100fb9953f0405206fd39_amd64" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
Loading...