RHSA-2020:2367HighCVSS 7.6
Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.13 security and bug fix update
🔗 CVE IDs covered (4)
📋 Description
CVE-2019-14888 — undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS CVE-2020-1745 — undertow: AJP File Read/Inclusion Vulnerability CVE-2020-1935 — tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling CVE-2020-1938 — tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2020:2367
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=catRhoar.spring.boot&downloadType=distributions&version=2.1.13
- externalhttps://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1772464
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1806398
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1806835
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1807305
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2367.json