rhsa-2018_0002
Vulnerability from csaf_redhat
Published
2018-01-03 10:30
Modified
2024-11-22 11:16
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 6
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API. (CVE-2017-12629)
* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. (CVE-2017-12189)
* It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack. (CVE-2016-6346)
* It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2017-7559)
* It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. (CVE-2017-7561)
* It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. (CVE-2017-12167)
* It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling. (CVE-2017-12165)
Red Hat would like to thank Mikhail Egorov (Odin) for reporting CVE-2016-6346. The CVE-2017-7559 and CVE-2017-12165 issues were discovered by Stuart Douglas (Red Hat); the CVE-2017-7561 issue was discovered by Jason Shepherd (Red Hat Product Security); and the CVE-2017-12167 issue was discovered by Brian Stansberry (Red Hat) and Jeremy Choi (Red Hat).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API. (CVE-2017-12629)\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. (CVE-2017-12189)\n\n* It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack. (CVE-2016-6346)\n\n* It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2017-7559)\n\n* It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. (CVE-2017-7561)\n\n* It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. (CVE-2017-12167)\n\n* It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling. (CVE-2017-12165)\n\nRed Hat would like to thank Mikhail Egorov (Odin) for reporting CVE-2016-6346. The CVE-2017-7559 and CVE-2017-12165 issues were discovered by Stuart Douglas (Red Hat); the CVE-2017-7561 issue was discovered by Jason Shepherd (Red Hat Product Security); and the CVE-2017-12167 issue was discovered by Brian Stansberry (Red Hat) and Jeremy Choi (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:0002",
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "1372120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120"
},
{
"category": "external",
"summary": "1481665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481665"
},
{
"category": "external",
"summary": "1483823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483823"
},
{
"category": "external",
"summary": "1490301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490301"
},
{
"category": "external",
"summary": "1491612",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491612"
},
{
"category": "external",
"summary": "1499631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499631"
},
{
"category": "external",
"summary": "1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "JBEAP-12349",
"url": "https://issues.redhat.com/browse/JBEAP-12349"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0002.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 6",
"tracking": {
"current_release_date": "2024-11-22T11:16:59+00:00",
"generator": {
"date": "2024-11-22T11:16:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:0002",
"initial_release_date": "2018-01-03T10:30:19+00:00",
"revision_history": [
{
"date": "2018-01-03T10:30:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-01-03T10:30:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T11:16:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@3.6.12-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.7-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"product_id": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"product_id": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.16-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"product": {
"name": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"product_id": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.25-1.Final_redhat_1.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"product": {
"name": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"product_id": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.31-3.Final_redhat_3.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"product_id": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.9-4.GA_redhat_3.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"product_id": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.9-2.GA_redhat_3.1.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@3.6.12-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.3.8-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.4.7-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.1.0-19.SP24_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-async-http-servlet-3.0@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.0.19-7.SP5_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.0.16-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.0.16-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.0.16-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.0.16-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.0.16-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.0.16-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product": {
"name": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product_id": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@4.0.25-1.Final_redhat_1.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.3.31-3.Final_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.0.9-4.GA_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.0.9-4.GA_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.0.9-2.GA_redhat_3.1.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src"
},
"product_reference": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src"
},
"product_reference": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src"
},
"product_reference": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JBEAP-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mikhail Egorov"
],
"organization": "Odin"
}
],
"cve": "CVE-2016-6346",
"discovery_date": "2016-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372120"
}
],
"notes": [
{
"category": "description",
"text": "It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was fixed in EAP 7.1.0, but was not fixed in 7.0.7\nOn Red Hat Satellite 6.5 this issue is fixed through the candlepin package update (candlepin 2.5.8), which contains a non-vulnerable version of RESTEasy.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6346"
},
{
"category": "external",
"summary": "RHBZ#1372120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346"
}
],
"release_date": "2016-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-01-03T10:30:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack"
},
{
"acknowledgments": [
{
"names": [
"Stuart Douglas"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-7559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2017-08-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1481665"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7559"
},
{
"category": "external",
"summary": "RHBZ#1481665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481665"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7559",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7559"
}
],
"release_date": "2017-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-01-03T10:30:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)"
},
{
"acknowledgments": [
{
"names": [
"Jason Shepherd"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-7561",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2017-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1483823"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Vary header not added by CORS filter leading to cache poisoning",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7561"
},
{
"category": "external",
"summary": "RHBZ#1483823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7561",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561"
}
],
"release_date": "2017-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-01-03T10:30:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy: Vary header not added by CORS filter leading to cache poisoning"
},
{
"acknowledgments": [
{
"names": [
"Stuart Douglas"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-12165",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490301"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: improper whitespace parsing leading to potential HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12165"
},
{
"category": "external",
"summary": "RHBZ#1490301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12165",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165"
}
],
"release_date": "2017-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-01-03T10:30:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undertow: improper whitespace parsing leading to potential HTTP request smuggling"
},
{
"acknowledgments": [
{
"names": [
"Brian Stansberry",
"Jeremy Choi"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-12167",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2017-09-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1491612"
}
],
"notes": [
{
"category": "description",
"text": "It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP-7: Wrong privileges on multiple property files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12167"
},
{
"category": "external",
"summary": "RHBZ#1491612",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491612"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12167"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-01-03T10:30:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP-7: Wrong privileges on multiple property files"
},
{
"cve": "CVE-2017-12189",
"discovery_date": "2017-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1499631"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12189"
},
{
"category": "external",
"summary": "RHBZ#1499631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12189",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12189"
}
],
"release_date": "2018-01-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-01-03T10:30:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)"
},
{
"cve": "CVE-2017-12629",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1501529"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Solr: Code execution via entity expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following products are not affected by this flaw, as they do not use the vulnerable functionality of either aspect of the issue.\nRed Hat JBoss Enterprise Application Platform 6\nRed Hat JBoss BPM Suite\nRed Hat JBoss BRMS\nRed Hat Enterprise Virtualization Manager\nRed Hat Single Sign-On 7\nRed Hat JBoss Portal Platform 6\n\nRed Hat JBoss Enterprise Application Platform 7 is not affected by this flaw. However, it does ship the vulnerable Lucene class in a dependency to another component. Customers who reuse the lucene-queryparser jar in their applications may be vulnerable to the External Entity Expansion aspect of this flaw. This will be patched in a forthcoming release.\n\nRed Hat JBoss Fuse is not affected by this flaw, as it does not use the vulnerable functionality of either aspect of this flaw. Fuse customers who may be running external Solr servers, while not affected from the Fuse side, are advised to secure their Solr servers as recommended in the mitigation provided.\n\nThe following products ship only the Lucene components relevant to this flaw, and are not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw has been determined to be Moderate for these respective products:\nRed Hat JBoss Data Grid 7 \nRed Hat Enterprise Linux 6\nRed Hat Software Collections 2.4\n\nThis issue did not affect the versions of lucene as shipped with Red Hat Enterprise Linux 5.\n\nThis issue does not affect Elasticsearch as shipped in OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12629"
},
{
"category": "external",
"summary": "RHBZ#1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629",
"url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629"
}
],
"release_date": "2017-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-01-03T10:30:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
},
{
"category": "workaround",
"details": "Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.\n\nThis is sufficient to protect from this type of attack, but means you cannot use the edit capabilities of the Config API until further fixes are in place.",
"product_ids": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.noarch",
"6Server-JBEAP-7.0:eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6.src",
"6Server-JBEAP-7.0:eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Solr: Code execution via entity expansion"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.