RHSA-2017:1832HighCVSS 8.7

Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update

Published
August 10, 2017
Last Modified
June 30, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2015-6644 — bouncycastle: Information disclosure in GCMBlockCipher CVE-2016-8749 — camel-jacksonxml: Unmarshalling operation are vulnerable to RCE CVE-2016-9879 — Security: Improper handling of path parameters allows bypassing the security constraint CVE-2017-2589 — hawtio: Proxy is sharing cookies among all the clients CVE-2017-2594 — hawtio: information Disclosure flaws due to unsafe path traversal CVE-2017-3156 — cxf: CXF OAuth2 Hawk and JOSE MAC Validation code are vulnerable to timing attacks CVE-2017-5643 — camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE CVE-2017-5653 — cxf: CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted CVE-2017-5656 — cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens CVE-2017-5929 — logback: Serialization vulnerability in SocketServer and ServerSocketReceiver CVE-2017-7957 — XStream: DoS when unmarshalling void type

🔗 References (17)