csaf_redhat - rhsa-2018

rhsa-2018_2276

Vulnerability from csaf_redhat

Published

2018-07-26 15:49

Modified

2024-09-13 19:49

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update

Notes

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1 Security Fix(es): * apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039) * wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.\n\nThis asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1 \n\nSecurity Fix(es):\n\n* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)\n\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2276",
        "url": "https://access.redhat.com/errata/RHSA-2018:2276"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1593527",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527"
      },
      {
        "category": "external",
        "summary": "1595332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_2276.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update",
    "tracking": {
      "current_release_date": "2024-09-13T19:49:44+00:00",
      "generator": {
        "date": "2024-09-13T19:49:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2018:2276",
      "initial_release_date": "2018-07-26T15:49:17+00:00",
      "revision_history": [
        {
          "date": "2018-07-26T15:49:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-07-26T15:49:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T19:49:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
                  "product_id": "6Server-JBEAP-7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
                  "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src",
                "product": {
                  "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src",
                  "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
                "product": {
                  "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
                  "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
                "product": {
                  "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
                  "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
                  "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
                "product": {
                  "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
                  "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
                "product": {
                  "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
                  "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
                "product": {
                  "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
                  "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_id": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.1.12-1.redhat_1.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
                  "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.3-4.GA_redhat_3.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_id": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.1.12-1.redhat_1.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
                  "product_id": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.3-4.GA_redhat_3.1.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.3-4.GA_redhat_3.1.ep7.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src"
        },
        "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src"
        },
        "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch"
        },
        "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src"
        },
        "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src"
        },
        "product_reference": "eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src"
        },
        "product_reference": "eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src"
        },
        "product_reference": "eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-8039",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "discovery_date": "2018-06-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1595332"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in the reflection code but it is not properly propagated, this can lead to a man-in-the-middle attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
          "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
          "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
          "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
          "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
          "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
          "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
          "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-8039"
        },
        {
          "category": "external",
          "summary": "RHBZ#1595332",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595332"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039"
        },
        {
          "category": "external",
          "summary": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2",
          "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2"
        }
      ],
      "release_date": "2018-06-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe JBoss server process must be restarted for the update to take effect.\n\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2276"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*"
    },
    {
      "cve": "CVE-2018-10862",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2018-06-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1593527"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability can only be exploited by users with deployment permissions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
          "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
          "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
          "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
          "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
          "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
          "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
          "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
          "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-10862"
        },
        {
          "category": "external",
          "summary": "RHBZ#1593527",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-10862"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/research/zip-slip-vulnerability",
          "url": "https://snyk.io/research/zip-slip-vulnerability"
        }
      ],
      "release_date": "2018-06-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe JBoss server process must be restarted for the update to take effect.\n\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2276"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el6.src",
            "6Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.noarch",
            "6Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el6.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-0:3.1.16-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-apache-cxf-rt-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-services-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-apache-cxf-tools-0:3.1.16-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.3-4.GA_redhat_3.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.3-4.GA_redhat_3.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-0:2.1.12-1.redhat_1.1.ep7.el7.src",
            "7Server-JBEAP-7.1:eap7-wss4j-bindings-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-policy-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-common-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-dom-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-policy-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-wss4j-ws-security-stax-0:2.1.12-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1:eap7-xml-security-0:2.0.10-1.redhat_1.1.ep7.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)"
    }
  ]
}

cve-2018-10862

Vulnerability from cvelistv5

Published

2018-07-27 14:00

Modified

2024-08-05 07:46

Severity

Summary

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

References

URL	Tags
https://snyk.io/research/zip-slip-vulnerability	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2428	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2643	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2279	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2424	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2276	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2423	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2425	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2277	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0877	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/research/zip-slip-vulnerability"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862"
          },
          {
            "name": "RHSA-2018:2428",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2428"
          },
          {
            "name": "RHSA-2018:2643",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2643"
          },
          {
            "name": "RHSA-2018:2279",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2279"
          },
          {
            "name": "RHSA-2018:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2424"
          },
          {
            "name": "RHSA-2018:2276",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2276"
          },
          {
            "name": "RHSA-2018:2423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2423"
          },
          {
            "name": "RHSA-2018:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2425"
          },
          {
            "name": "RHSA-2018:2277",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2277"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-24T21:06:03",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/research/zip-slip-vulnerability"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862"
        },
        {
          "name": "RHSA-2018:2428",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2428"
        },
        {
          "name": "RHSA-2018:2643",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2643"
        },
        {
          "name": "RHSA-2018:2279",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2279"
        },
        {
          "name": "RHSA-2018:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2424"
        },
        {
          "name": "RHSA-2018:2276",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2276"
        },
        {
          "name": "RHSA-2018:2423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2423"
        },
        {
          "name": "RHSA-2018:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2425"
        },
        {
          "name": "RHSA-2018:2277",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2277"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-10862",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \u0027Zip Slip\u0027 vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/research/zip-slip-vulnerability",
              "refsource": "MISC",
              "url": "https://snyk.io/research/zip-slip-vulnerability"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862"
            },
            {
              "name": "RHSA-2018:2428",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2428"
            },
            {
              "name": "RHSA-2018:2643",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2643"
            },
            {
              "name": "RHSA-2018:2279",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2279"
            },
            {
              "name": "RHSA-2018:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2424"
            },
            {
              "name": "RHSA-2018:2276",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2276"
            },
            {
              "name": "RHSA-2018:2423",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2423"
            },
            {
              "name": "RHSA-2018:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2425"
            },
            {
              "name": "RHSA-2018:2277",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2277"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10862",
    "datePublished": "2018-07-27T14:00:00",
    "dateReserved": "2018-05-09T00:00:00",
    "dateUpdated": "2024-08-05T07:46:47.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8039

Vulnerability from cvelistv5

Published

2018-07-02 13:00

Modified

2024-09-17 04:04

Severity

Summary

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.

References

URL	Tags
https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2428	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3817	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2643	vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866%40%3Cdev.cxf.apache.org%3E	mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/106357	vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:2279	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2424	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2276	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2423	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2425	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2277	vendor-advisory, x_refsource_REDHAT
http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2	x_refsource_CONFIRM
http://www.securitytracker.com/id/1041199	vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:3768	vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E	mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
Apache Software Foundation	Apache CXF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b"
          },
          {
            "name": "RHSA-2018:2428",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2428"
          },
          {
            "name": "RHSA-2018:3817",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3817"
          },
          {
            "name": "RHSA-2018:2643",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2643"
          },
          {
            "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866%40%3Cdev.cxf.apache.org%3E"
          },
          {
            "name": "106357",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106357"
          },
          {
            "name": "RHSA-2018:2279",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2279"
          },
          {
            "name": "RHSA-2018:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2424"
          },
          {
            "name": "RHSA-2018:2276",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2276"
          },
          {
            "name": "RHSA-2018:2423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2423"
          },
          {
            "name": "RHSA-2018:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2425"
          },
          {
            "name": "RHSA-2018:2277",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2277"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2"
          },
          {
            "name": "1041199",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041199"
          },
          {
            "name": "RHSA-2018:3768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3768"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CXF",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 3.1.16"
            },
            {
              "status": "affected",
              "version": "3.2.x prior to 3.2.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via \u0027System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");\u0027. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Validation of Certificate with Host Mismatch",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-16T11:06:37",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b"
        },
        {
          "name": "RHSA-2018:2428",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2428"
        },
        {
          "name": "RHSA-2018:3817",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3817"
        },
        {
          "name": "RHSA-2018:2643",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2643"
        },
        {
          "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866%40%3Cdev.cxf.apache.org%3E"
        },
        {
          "name": "106357",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106357"
        },
        {
          "name": "RHSA-2018:2279",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2279"
        },
        {
          "name": "RHSA-2018:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2424"
        },
        {
          "name": "RHSA-2018:2276",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2276"
        },
        {
          "name": "RHSA-2018:2423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2423"
        },
        {
          "name": "RHSA-2018:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2425"
        },
        {
          "name": "RHSA-2018:2277",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2277"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2"
        },
        {
          "name": "1041199",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041199"
        },
        {
          "name": "RHSA-2018:3768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3768"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2018-8039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CXF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 3.1.16"
                          },
                          {
                            "version_value": "3.2.x prior to 3.2.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via \u0027System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");\u0027. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Validation of Certificate with Host Mismatch"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b",
              "refsource": "CONFIRM",
              "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b"
            },
            {
              "name": "RHSA-2018:2428",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2428"
            },
            {
              "name": "RHSA-2018:3817",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3817"
            },
            {
              "name": "RHSA-2018:2643",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2643"
            },
            {
              "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E"
            },
            {
              "name": "106357",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106357"
            },
            {
              "name": "RHSA-2018:2279",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2279"
            },
            {
              "name": "RHSA-2018:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2424"
            },
            {
              "name": "RHSA-2018:2276",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2276"
            },
            {
              "name": "RHSA-2018:2423",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2423"
            },
            {
              "name": "RHSA-2018:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2425"
            },
            {
              "name": "RHSA-2018:2277",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2277"
            },
            {
              "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2",
              "refsource": "CONFIRM",
              "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1\u0026modificationDate=1530184663000\u0026api=v2"
            },
            {
              "name": "1041199",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041199"
            },
            {
              "name": "RHSA-2018:3768",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3768"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8039",
    "datePublished": "2018-07-02T13:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-17T04:04:46.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2018_2276

Vulnerability from csaf_redhat

cve-2018-10862

Vulnerability from cvelistv5

cve-2018-8039

Vulnerability from cvelistv5

Tags