rhsa-2022_4918
Vulnerability from csaf_redhat
Published
2022-06-06 15:54
Modified
2024-09-18 04:48
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4918",
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "2041472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472"
},
{
"category": "external",
"summary": "2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "2060725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725"
},
{
"category": "external",
"summary": "2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "JBEAP-23120",
"url": "https://issues.redhat.com/browse/JBEAP-23120"
},
{
"category": "external",
"summary": "JBEAP-23171",
"url": "https://issues.redhat.com/browse/JBEAP-23171"
},
{
"category": "external",
"summary": "JBEAP-23194",
"url": "https://issues.redhat.com/browse/JBEAP-23194"
},
{
"category": "external",
"summary": "JBEAP-23241",
"url": "https://issues.redhat.com/browse/JBEAP-23241"
},
{
"category": "external",
"summary": "JBEAP-23299",
"url": "https://issues.redhat.com/browse/JBEAP-23299"
},
{
"category": "external",
"summary": "JBEAP-23300",
"url": "https://issues.redhat.com/browse/JBEAP-23300"
},
{
"category": "external",
"summary": "JBEAP-23312",
"url": "https://issues.redhat.com/browse/JBEAP-23312"
},
{
"category": "external",
"summary": "JBEAP-23313",
"url": "https://issues.redhat.com/browse/JBEAP-23313"
},
{
"category": "external",
"summary": "JBEAP-23336",
"url": "https://issues.redhat.com/browse/JBEAP-23336"
},
{
"category": "external",
"summary": "JBEAP-23338",
"url": "https://issues.redhat.com/browse/JBEAP-23338"
},
{
"category": "external",
"summary": "JBEAP-23339",
"url": "https://issues.redhat.com/browse/JBEAP-23339"
},
{
"category": "external",
"summary": "JBEAP-23351",
"url": "https://issues.redhat.com/browse/JBEAP-23351"
},
{
"category": "external",
"summary": "JBEAP-23353",
"url": "https://issues.redhat.com/browse/JBEAP-23353"
},
{
"category": "external",
"summary": "JBEAP-23429",
"url": "https://issues.redhat.com/browse/JBEAP-23429"
},
{
"category": "external",
"summary": "JBEAP-23432",
"url": "https://issues.redhat.com/browse/JBEAP-23432"
},
{
"category": "external",
"summary": "JBEAP-23451",
"url": "https://issues.redhat.com/browse/JBEAP-23451"
},
{
"category": "external",
"summary": "JBEAP-23531",
"url": "https://issues.redhat.com/browse/JBEAP-23531"
},
{
"category": "external",
"summary": "JBEAP-23532",
"url": "https://issues.redhat.com/browse/JBEAP-23532"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_4918.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7",
"tracking": {
"current_release_date": "2024-09-18T04:48:44+00:00",
"generator": {
"date": "2024-09-18T04:48:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2022:4918",
"initial_release_date": "2022-06-06T15:54:15+00:00",
"revision_history": [
{
"date": "2022-06-06T15:54:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-06T15:54:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T04:48:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src",
"product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"product": {
"name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"product": {
"name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch"
},
"product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src"
},
"product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-37136",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "RHBZ#2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
},
{
"cve": "CVE-2021-37137",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "RHBZ#2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
},
{
"cve": "CVE-2021-42392",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Remote Code Execution in Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42392"
},
{
"category": "external",
"summary": "RHBZ#2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392"
},
{
"category": "external",
"summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",
"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"
}
],
"release_date": "2022-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "h2: Remote Code Execution in Console"
},
{
"cve": "CVE-2021-43797",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: control chars in header names may lead to HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43797"
},
{
"category": "external",
"summary": "RHBZ#2031958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: control chars in header names may lead to HTTP request smuggling"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"cve": "CVE-2022-0853",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060725"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jboss-client: memory leakage in remote client transaction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0853"
},
{
"category": "external",
"summary": "RHBZ#2060725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853"
}
],
"release_date": "2022-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jboss-client: memory leakage in remote client transaction"
},
{
"acknowledgments": [
{
"names": [
"Oliver Bieri"
],
"organization": "Schindler Elevator Ltd., Switzerland"
}
],
"cve": "CVE-2022-0866",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060929"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0866"
},
{
"category": "external",
"summary": "RHBZ#2060929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
},
{
"category": "workaround",
"details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-21299",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041472"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21299"
},
{
"category": "external",
"summary": "RHBZ#2041472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)"
},
{
"cve": "CVE-2022-21363",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047343"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21363"
},
{
"category": "external",
"summary": "RHBZ#2047343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors"
},
{
"cve": "CVE-2022-23221",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Loading of custom classes from remote servers through JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23221"
},
{
"category": "external",
"summary": "RHBZ#2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x",
"url": "https://github.com/advisories/GHSA-45hx-wfhj-473x"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "h2: Loading of custom classes from remote servers through JNDI"
},
{
"acknowledgments": [
{
"names": [
"Sergey Temnikov",
"Ziyi Luo"
],
"organization": "Amazon Corretto",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-23437",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2047200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xerces-j2: infinite loop when handling specially crafted XML document payloads",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23437"
},
{
"category": "external",
"summary": "RHBZ#2047200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437"
}
],
"release_date": "2022-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xerces-j2: infinite loop when handling specially crafted XML document payloads"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4918"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
}
]
}
Loading...