RHSA-2017:2811HighCVSS 9.8

Red Hat Security Advisory: eap7-jboss-ec2-eap security update

Published
September 26, 2017
Last Modified
June 30, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2014-9970 — jasypt: Vulnerable to timing attack against the password hash comparison CVE-2015-6644 — bouncycastle: Information disclosure in GCMBlockCipher CVE-2017-2582 — keycloak: SAML request parser replaces special strings with system properties CVE-2017-5645 — log4j: Socket receiver deserialization vulnerability CVE-2017-7536 — hibernate-validator: Privilege escalation when running under the security manager CVE-2019-17571 — log4j: deserialization of untrusted data in SocketServer

🔗 References (11)