RHSA-2017:1412MediumCVSS 8.1
Red Hat Security Advisory: eap7-jboss-ec2-eap security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2016-9606 — Resteasy: Yaml unmarshalling vulnerable to RCE CVE-2017-2595 — wildfly: Arbitrary file read via path traversal CVE-2017-2666 — undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests CVE-2017-2670 — undertow: IO thread DoS via unclean Websocket closing
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2017:1412
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/
- externalhttps://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1400644
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1413028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1436163
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1438885
- externalhttps://issues.redhat.com/browse/JBEAP-8077
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1412.json