Red Hat Security Advisory: Red Hat Decision Manager 7.8.0 Security Update
🔗 CVE IDs covered (31)
📋 Description
CVE-2019-9512 — HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9514 — HTTP/2: flood using HEADERS frames results in unbounded memory growth CVE-2019-9515 — HTTP/2: flood using SETTINGS frames results in unbounded memory growth CVE-2019-9518 — HTTP/2: flood using empty frames results in excessive resource consumption CVE-2019-12406 — cxf: does not restrict the number of message attachments CVE-2019-12423 — cxf: OpenId Connect token service does not properly validate the clientId CVE-2019-13990 — libquartz: XXE attacks via job description CVE-2019-16869 — netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers CVE-2019-17573 — cxf: reflected XSS in the services listing page CVE-2019-20330 — jackson-databind: lacks certain net.sf.ehcache blocking CVE-2019-20444 — netty: HTTP request smuggling CVE-2019-20445 — netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header CVE-2020-1718 — keycloak: security issue on reset credential flow CVE-2020-7238 — netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling CVE-2020-8840 — jackson-databind: Lacks certain xbean-reflect/JNDI blocking CVE-2020-9546 — jackson-databind: Serialization gadgets in shaded-hikari-config CVE-2020-9547 — jackson-databind: Serialization gadgets in ibatis-sqlmap CVE-2020-9548 — jackson-databind: Serialization gadgets in anteros-core CVE-2020-10672 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10968 — jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider CVE-2020-10969 — jackson-databind: Serialization gadgets in javax.swing.JEditorPane CVE-2020-11111 — jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory CVE-2020-11112 — jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider CVE-2020-11113 — jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes CVE-2020-11619 — jackson-databind: Serialization gadgets in org.springframework:spring-aop CVE-2020-11620 — jackson-databind: Serialization gadgets in commons-jelly:commons-jelly CVE-2020-14060 — jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool CVE-2020-14061 — jackson-databind: serialization in weblogic/oracle-aqjms CVE-2020-14062 — jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
🔗 References (36)
- selfhttps://access.redhat.com/errata/RHSA-2020:3196
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=rhdm&version=7.8.0
- externalhttps://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735744
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735745
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735749
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758619
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1793154
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1796225
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1796756
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1797006
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1797011
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1798509
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1798524
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1801149
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1815470
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1815495
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816170
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816216
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816330
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816332
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816337
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816340
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1819208
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1819212
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1821304
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1821311
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1821315
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826798
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826805
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1848960
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1848962
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1848966
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3196.json