RHSA-2017:3244HighCVSS 9.8
Red Hat Security Advisory: Red Hat JBoss Data Grid 7.1.1 security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2016-0750 — client: unchecked deserialization in marshaller util CVE-2017-2670 — undertow: IO thread DoS via unclean Websocket closing CVE-2017-5645 — log4j: Socket receiver deserialization vulnerability CVE-2017-12629 — Solr: Code execution via entity expansion CVE-2019-17571 — log4j: deserialization of untrusted data in SocketServer
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2017:3244
- externalhttps://access.redhat.com/security/vulnerabilities/CVE-2017-12629
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions&version=7.1.1
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1300443
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1443635
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1501529
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3244.json