RHSA-2018:2405CriticalCVSS 10.0

Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update

Published
August 14, 2018
Last Modified
June 30, 2026

🔗 CVE IDs covered (5)

📋 Description

CVE-2017-8046 — spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code CVE-2017-12196 — undertow: Client can use bogus uri in Digest authentication CVE-2018-1199 — spring-framework: Improper URL path validation allows for bypassing of security checks on static resources CVE-2018-1295 — ignite: Possible Execution of Arbitrary Code Within Deserialization Endpoints CVE-2018-9159 — spark: Absolute and relative pathnames allow for unintended static file disclosure

🔗 References (9)