Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 security update
🔗 CVE IDs covered (12)
📋 Description
CVE-2019-10219 — hibernate-validator: safeHTML validator allows XSS CVE-2019-14540 — jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14885 — EAP: Vault system property security attribute value is revealed on CLI 'reload' command CVE-2019-14888 — undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS CVE-2019-14892 — jackson-databind: Serialization gadgets in classes of the commons-configuration package CVE-2019-14893 — jackson-databind: Serialization gadgets in classes of the xalan package CVE-2019-16335 — jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource CVE-2019-16869 — netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers CVE-2019-16942 — jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* CVE-2019-16943 — jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource CVE-2019-17267 — jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17531 — jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
🔗 References (38)
- selfhttps://access.redhat.com/errata/RHSA-2020:0164
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.2
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1738673
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1755831
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1755849
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758167
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758171
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758182
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758187
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758191
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758619
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770615
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1772464
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1775293
- externalhttps://issues.redhat.com/browse/JBEAP-17491
- externalhttps://issues.redhat.com/browse/JBEAP-17541
- externalhttps://issues.redhat.com/browse/JBEAP-17651
- externalhttps://issues.redhat.com/browse/JBEAP-17652
- externalhttps://issues.redhat.com/browse/JBEAP-17666
- externalhttps://issues.redhat.com/browse/JBEAP-17773
- externalhttps://issues.redhat.com/browse/JBEAP-17779
- externalhttps://issues.redhat.com/browse/JBEAP-17789
- externalhttps://issues.redhat.com/browse/JBEAP-17805
- externalhttps://issues.redhat.com/browse/JBEAP-17837
- externalhttps://issues.redhat.com/browse/JBEAP-17887
- externalhttps://issues.redhat.com/browse/JBEAP-17898
- externalhttps://issues.redhat.com/browse/JBEAP-17905
- externalhttps://issues.redhat.com/browse/JBEAP-17906
- externalhttps://issues.redhat.com/browse/JBEAP-17940
- externalhttps://issues.redhat.com/browse/JBEAP-17945
- externalhttps://issues.redhat.com/browse/JBEAP-17974
- externalhttps://issues.redhat.com/browse/JBEAP-17998
- externalhttps://issues.redhat.com/browse/JBEAP-18169
- externalhttps://issues.redhat.com/browse/JBEAP-18170
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0164.json