RHSA-2018:0003HighCVSS 9.8
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.9 security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2016-6346 — RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack CVE-2017-7559 — undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) CVE-2017-7561 — resteasy: Vary header not added by CORS filter leading to cache poisoning CVE-2017-12165 — undertow: improper whitespace parsing leading to potential HTTP request smuggling CVE-2017-12167 — EAP-7: Wrong privileges on multiple property files CVE-2017-12189 — jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656) CVE-2017-12629 — Solr: Code execution via entity expansion
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2018:0003
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.0
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
- externalhttps://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1372120
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1481665
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1483823
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1490301
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1491612
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1499631
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1501529
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0003.json