RHSA-2018:2405CriticalCVSS 10.0
Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update
🔗 CVE IDs covered (5)
📋 Description
CVE-2017-8046 — spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code CVE-2017-12196 — undertow: Client can use bogus uri in Digest authentication CVE-2018-1199 — spring-framework: Improper URL path validation allows for bypassing of security checks on static resources CVE-2018-1295 — ignite: Possible Execution of Arbitrary Code Within Deserialization Endpoints CVE-2018-9159 — spark: Absolute and relative pathnames allow for unintended static file disclosure
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2018:2405
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://access.redhat.com/articles/3060411
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1503055
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1540030
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1553024
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1563133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1563732
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2405.json