RHSA-2018:0002HighCVSS 9.8
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 6
🔗 CVE IDs covered (7)
📋 Description
CVE-2016-6346 — RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack CVE-2017-7559 — undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) CVE-2017-7561 — resteasy: Vary header not added by CORS filter leading to cache poisoning CVE-2017-12165 — undertow: improper whitespace parsing leading to potential HTTP request smuggling CVE-2017-12167 — EAP-7: Wrong privileges on multiple property files CVE-2017-12189 — jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656) CVE-2017-12629 — Solr: Code execution via entity expansion
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2018:0002
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/
- externalhttps://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1372120
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1481665
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1483823
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1490301
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1491612
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1499631
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1501529
- externalhttps://issues.redhat.com/browse/JBEAP-12349
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0002.json