RHSA-2017:1410MediumCVSS 8.1
Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 6
🔗 CVE IDs covered (4)
📋 Description
CVE-2016-9606 — Resteasy: Yaml unmarshalling vulnerable to RCE CVE-2017-2595 — wildfly: Arbitrary file read via path traversal CVE-2017-2666 — undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests CVE-2017-2670 — undertow: IO thread DoS via unclean Websocket closing
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2017:1410
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/
- externalhttps://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1400644
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1413028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1436163
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1438885
- externalhttps://issues.redhat.com/browse/JBEAP-8075
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1410.json