rhsa-2021_3656
Vulnerability from csaf_redhat
Published
2021-09-23 16:18
Modified
2024-11-15 11:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 7
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)
* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)
* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)\n\n* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)\n\n* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)\n\n* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)\n\n* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)\n\n* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)\n\n* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:3656",
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1948001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
},
{
"category": "external",
"summary": "1948752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
},
{
"category": "external",
"summary": "1965497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
},
{
"category": "external",
"summary": "1970930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930"
},
{
"category": "external",
"summary": "1976052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
},
{
"category": "external",
"summary": "1981407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
},
{
"category": "external",
"summary": "1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "JBEAP-18401",
"url": "https://issues.redhat.com/browse/JBEAP-18401"
},
{
"category": "external",
"summary": "JBEAP-21231",
"url": "https://issues.redhat.com/browse/JBEAP-21231"
},
{
"category": "external",
"summary": "JBEAP-21257",
"url": "https://issues.redhat.com/browse/JBEAP-21257"
},
{
"category": "external",
"summary": "JBEAP-21258",
"url": "https://issues.redhat.com/browse/JBEAP-21258"
},
{
"category": "external",
"summary": "JBEAP-21261",
"url": "https://issues.redhat.com/browse/JBEAP-21261"
},
{
"category": "external",
"summary": "JBEAP-21263",
"url": "https://issues.redhat.com/browse/JBEAP-21263"
},
{
"category": "external",
"summary": "JBEAP-21270",
"url": "https://issues.redhat.com/browse/JBEAP-21270"
},
{
"category": "external",
"summary": "JBEAP-21276",
"url": "https://issues.redhat.com/browse/JBEAP-21276"
},
{
"category": "external",
"summary": "JBEAP-21277",
"url": "https://issues.redhat.com/browse/JBEAP-21277"
},
{
"category": "external",
"summary": "JBEAP-21281",
"url": "https://issues.redhat.com/browse/JBEAP-21281"
},
{
"category": "external",
"summary": "JBEAP-21300",
"url": "https://issues.redhat.com/browse/JBEAP-21300"
},
{
"category": "external",
"summary": "JBEAP-21309",
"url": "https://issues.redhat.com/browse/JBEAP-21309"
},
{
"category": "external",
"summary": "JBEAP-21313",
"url": "https://issues.redhat.com/browse/JBEAP-21313"
},
{
"category": "external",
"summary": "JBEAP-21472",
"url": "https://issues.redhat.com/browse/JBEAP-21472"
},
{
"category": "external",
"summary": "JBEAP-21569",
"url": "https://issues.redhat.com/browse/JBEAP-21569"
},
{
"category": "external",
"summary": "JBEAP-21777",
"url": "https://issues.redhat.com/browse/JBEAP-21777"
},
{
"category": "external",
"summary": "JBEAP-21781",
"url": "https://issues.redhat.com/browse/JBEAP-21781"
},
{
"category": "external",
"summary": "JBEAP-21818",
"url": "https://issues.redhat.com/browse/JBEAP-21818"
},
{
"category": "external",
"summary": "JBEAP-21961",
"url": "https://issues.redhat.com/browse/JBEAP-21961"
},
{
"category": "external",
"summary": "JBEAP-21978",
"url": "https://issues.redhat.com/browse/JBEAP-21978"
},
{
"category": "external",
"summary": "JBEAP-22009",
"url": "https://issues.redhat.com/browse/JBEAP-22009"
},
{
"category": "external",
"summary": "JBEAP-22084",
"url": "https://issues.redhat.com/browse/JBEAP-22084"
},
{
"category": "external",
"summary": "JBEAP-22088",
"url": "https://issues.redhat.com/browse/JBEAP-22088"
},
{
"category": "external",
"summary": "JBEAP-22160",
"url": "https://issues.redhat.com/browse/JBEAP-22160"
},
{
"category": "external",
"summary": "JBEAP-22209",
"url": "https://issues.redhat.com/browse/JBEAP-22209"
},
{
"category": "external",
"summary": "JBEAP-22318",
"url": "https://issues.redhat.com/browse/JBEAP-22318"
},
{
"category": "external",
"summary": "JBEAP-22319",
"url": "https://issues.redhat.com/browse/JBEAP-22319"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3656.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 7",
"tracking": {
"current_release_date": "2024-11-15T11:56:02+00:00",
"generator": {
"date": "2024-11-15T11:56:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:3656",
"initial_release_date": "2021-09-23T16:18:03+00:00",
"revision_history": [
{
"date": "2021-09-23T16:18:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-09-23T16:18:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T11:56:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.9-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"product": {
"name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"product_id": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-9.Final_redhat_00008.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"product_id": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-2.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.1-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.21-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-2.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.35-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.7-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.5-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.12-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"product_id": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.14-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.9-2.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-8.Final_redhat_00009.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.1-2.GA_redhat_00003.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.9-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity-engine-core@2.3.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-9.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-9.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.1-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-2.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"product_id": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.14-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.9-2.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-8.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-8.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-8.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src"
},
"product_reference": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "velocity: arbitrary code execution when attacker is able to modify templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "RHBZ#1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "velocity: arbitrary code execution when attacker is able to modify templates"
},
{
"acknowledgments": [
{
"names": [
"Damian Bury"
]
}
],
"cve": "CVE-2021-3536",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-02-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XSS via admin console when creating roles in domain mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect Red Hat CodeReady Studio 12 because it uses the Wildfly client only. The domain mode is not used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3536"
},
{
"category": "external",
"summary": "RHBZ#1948001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "wildfly: XSS via admin console when creating roles in domain mode"
},
{
"cve": "CVE-2021-3597",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-02-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1970930"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3597"
},
{
"category": "external",
"summary": "RHBZ#1970930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597"
}
],
"release_date": "2021-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS"
},
{
"cve": "CVE-2021-3642",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"discovery_date": "2021-06-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attack in ScramServer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3642"
},
{
"category": "external",
"summary": "RHBZ#1981407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642"
}
],
"release_date": "2021-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attack in ScramServer"
},
{
"acknowledgments": [
{
"names": [
"Darran Lofthouse"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3644",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1976052"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-core: Invalid Sensitivity Classification of Vault Expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CodeReady Studio 12 is not affected by this flaw as it does not ship the vulnerable component of wildfly.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3644"
},
{
"category": "external",
"summary": "RHBZ#1976052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3644"
}
],
"release_date": "2021-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "wildfly-core: Invalid Sensitivity Classification of Vault Expression"
},
{
"cve": "CVE-2021-3690",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-08-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991299"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: buffer leak on incoming websocket PONG message may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although Red Hat OpenStack Platform packages the vulnerable code in Opendaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3690"
},
{
"category": "external",
"summary": "RHBZ#1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690"
}
],
"release_date": "2021-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: buffer leak on incoming websocket PONG message may lead to DoS"
},
{
"cve": "CVE-2021-21295",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937364"
}
],
"notes": [
{
"category": "description",
"text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: possible request smuggling in HTTP/2 due missing validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21295"
},
{
"category": "external",
"summary": "RHBZ#1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: possible request smuggling in HTTP/2 due missing validation"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
},
{
"cve": "CVE-2021-28170",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-05-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1965497"
}
],
"notes": [
{
"category": "description",
"text": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28170"
},
{
"category": "external",
"summary": "RHBZ#1965497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/",
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948752"
}
],
"notes": [
{
"category": "description",
"text": "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the apache-commons-io package included in Red Hat Enterprise Linux 8 Maven App Stream contains the vulnerable code, it is not used in any way by Maven or other packages in this module. This package is not an API component of Maven, thus the affected code can not be reached in any supported scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29425"
},
{
"category": "external",
"summary": "RHBZ#1948752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-23T16:18:03+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.