RHSA-2018:3768 | High | CVSS 8.1

Red Hat Security Advisory: Red Hat Fuse 7.2 security update

Published: December 4, 2018
Last Modified: June 15, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2016-5002 — xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
CVE-2016-5003 — xmlrpc: Deserialization of untrusted Java object through ex:serializable tag
CVE-2017-12196 — undertow: Client can use bogus uri in Digest authentication
CVE-2018-1257 — spring-framework: ReDoS Attack with spring-messaging
CVE-2018-1259 — spring-data-commons: XXE with Spring Data’s XMLBeam integration
CVE-2018-1288 — kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss
CVE-2018-1336 — tomcat: A bug in the UTF-8 decoder can lead to DoS
CVE-2018-8014 — tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
CVE-2018-8018 — ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint
CVE-2018-8039 — apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*
CVE-2018-8041 — camel-mail: path traversal vulnerability
CVE-2018-12537 — vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers

🔗 References (18)