RHSA-2018:0004HighCVSS 9.8

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 7

Published
January 3, 2018
Last Modified
June 30, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2016-6346 — RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack CVE-2017-7559 — undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) CVE-2017-7561 — resteasy: Vary header not added by CORS filter leading to cache poisoning CVE-2017-12165 — undertow: improper whitespace parsing leading to potential HTTP request smuggling CVE-2017-12167 — EAP-7: Wrong privileges on multiple property files CVE-2017-12189 — jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656) CVE-2017-12629 — Solr: Code execution via entity expansion

🔗 References (14)