RHSA-2017:3454HighCVSS 8.1

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update

Published
December 13, 2017
Last Modified
June 30, 2026

🔗 CVE IDs covered (17)

📋 Description

CVE-2016-4978 — Artemis: Deserialization of untrusted input vulnerability CVE-2016-4993 — eap: HTTP header injection / response splitting CVE-2016-5406 — EAP7 Privilege escalation when managing domain including earlier version slaves CVE-2016-6311 — EAP7: Internal IP address disclosed on redirect when request header Host field is not set CVE-2016-7046 — undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS CVE-2016-7061 — EAP: Sensitive data can be exposed at the server level in domain mode CVE-2016-8627 — admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files CVE-2016-8656 — jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation CVE-2016-9589 — wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage CVE-2017-2595 — wildfly: Arbitrary file read via path traversal CVE-2017-2666 — undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests CVE-2017-2670 — undertow: IO thread DoS via unclean Websocket closing CVE-2017-7525 — jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper CVE-2017-7536 — hibernate-validator: Privilege escalation when running under the security manager CVE-2017-7559 — undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) CVE-2017-12165 — undertow: improper whitespace parsing leading to potential HTTP request smuggling CVE-2017-12167 — EAP-7: Wrong privileges on multiple property files

🔗 References (22)