Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
🔗 CVE IDs covered (11)
📋 Description
CVE-2015-6644 — bouncycastle: Information disclosure in GCMBlockCipher CVE-2016-8749 — camel-jacksonxml: Unmarshalling operation are vulnerable to RCE CVE-2016-9879 — Security: Improper handling of path parameters allows bypassing the security constraint CVE-2017-2589 — hawtio: Proxy is sharing cookies among all the clients CVE-2017-2594 — hawtio: information Disclosure flaws due to unsafe path traversal CVE-2017-3156 — cxf: CXF OAuth2 Hawk and JOSE MAC Validation code are vulnerable to timing attacks CVE-2017-5643 — camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE CVE-2017-5653 — cxf: CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted CVE-2017-5656 — cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens CVE-2017-5929 — logback: Serialization vulnerability in SocketServer and ServerSocketReceiver CVE-2017-7957 — XStream: DoS when unmarshalling void type
🔗 References (17)
- selfhttps://access.redhat.com/errata/RHSA-2017:1832
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.amq&version=6.3.0
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-fuse/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1409838
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1413905
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1415543
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1420832
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1425455
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1432858
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1433374
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441538
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1444015
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1445327
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1445329
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1832.json