RHSA-2020:0161HighCVSS 8.1

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 8 security update

Published
January 21, 2020
Last Modified
June 27, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2019-10219 — hibernate-validator: safeHTML validator allows XSS CVE-2019-14540 — jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14885 — EAP: Vault system property security attribute value is revealed on CLI 'reload' command CVE-2019-14888 — undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS CVE-2019-14892 — jackson-databind: Serialization gadgets in classes of the commons-configuration package CVE-2019-14893 — jackson-databind: Serialization gadgets in classes of the xalan package CVE-2019-16335 — jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource CVE-2019-16869 — netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers CVE-2019-16942 — jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* CVE-2019-16943 — jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource CVE-2019-17267 — jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17531 — jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

🔗 References (36)