Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
🔗 CVE IDs covered (17)
📋 Description
CVE-2016-4978 — Artemis: Deserialization of untrusted input vulnerability CVE-2016-4993 — eap: HTTP header injection / response splitting CVE-2016-5406 — EAP7 Privilege escalation when managing domain including earlier version slaves CVE-2016-6311 — EAP7: Internal IP address disclosed on redirect when request header Host field is not set CVE-2016-7046 — undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS CVE-2016-7061 — EAP: Sensitive data can be exposed at the server level in domain mode CVE-2016-8627 — admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files CVE-2016-8656 — jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation CVE-2016-9589 — wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage CVE-2017-2595 — wildfly: Arbitrary file read via path traversal CVE-2017-2666 — undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests CVE-2017-2670 — undertow: IO thread DoS via unclean Websocket closing CVE-2017-7525 — jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper CVE-2017-7536 — hibernate-validator: Privilege escalation when running under the security manager CVE-2017-7559 — undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) CVE-2017-12165 — undertow: improper whitespace parsing leading to potential HTTP request smuggling CVE-2017-12167 — EAP-7: Wrong privileges on multiple property files
🔗 References (22)
- selfhttps://access.redhat.com/errata/RHSA-2017:3455
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1344321
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1359014
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1362735
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1376646
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1379207
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1380852
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388240
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1400344
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1404782
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1413028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1436163
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1438885
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1462702
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1465573
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1481665
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1490301
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1491612
- externalhttps://issues.redhat.com/browse/JBEAP-5323
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3455.json