RHSA-2017:3239 | High | CVSS 7.5
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
🔗 CVE IDs covered (6)
📋 Description
- CVE-2009-3560 — expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
- CVE-2009-3720 — expat: buffer over-read and crash on XML with malformed UTF-8 sequences
- CVE-2012-0876 — expat: hash table collisions CPU usage DoS
- CVE-2016-2183 — SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
- CVE-2017-9788 — httpd: Uninitialized memory reflection in mod_auth_digest
- CVE-2017-9798 — httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)
🔗 References (12)
- self: https://access.redhat.com/errata/RHSA-2017:3239
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- external: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
- external: https://access.redhat.com/articles/3229231
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1369383
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1470748
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1490344
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1508880
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1508884
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1508885
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3239.json