Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
🔗 CVE IDs covered (14)
📋 Description
CVE-2019-14900 — hibernate: SQL injection issue in Hibernate ORM CVE-2020-1710 — EAP: field-name is not parsed in accordance to RFC7230 CVE-2020-1748 — Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain CVE-2020-10672 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10683 — dom4j: XML External Entity vulnerability in default SAX parser CVE-2020-10687 — Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests CVE-2020-10693 — hibernate-validator: Improper input validation in the interpolation of constraint error messages CVE-2020-10714 — wildfly-elytron: session fixation when using FORM authentication CVE-2020-10718 — wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API CVE-2020-10740 — wildfly: unsafe deserialization in Wildfly Enterprise Java Beans CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes CVE-2020-14297 — wildfly: Some EJB transaction objects may get accumulated causing Denial of Service CVE-2020-14307 — wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
🔗 References (32)
- selfhttps://access.redhat.com/errata/RHSA-2020:3464
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1666499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1694235
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1785049
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1793970
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1805501
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1807707
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1815470
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1815495
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1825714
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1828476
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1834512
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1851327
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1853595
- externalhttps://issues.redhat.com/browse/JBEAP-19095
- externalhttps://issues.redhat.com/browse/JBEAP-19134
- externalhttps://issues.redhat.com/browse/JBEAP-19185
- externalhttps://issues.redhat.com/browse/JBEAP-19203
- externalhttps://issues.redhat.com/browse/JBEAP-19269
- externalhttps://issues.redhat.com/browse/JBEAP-19322
- externalhttps://issues.redhat.com/browse/JBEAP-19325
- externalhttps://issues.redhat.com/browse/JBEAP-19397
- externalhttps://issues.redhat.com/browse/JBEAP-19529
- externalhttps://issues.redhat.com/browse/JBEAP-19564
- externalhttps://issues.redhat.com/browse/JBEAP-19585
- externalhttps://issues.redhat.com/browse/JBEAP-19617
- externalhttps://issues.redhat.com/browse/JBEAP-19619
- externalhttps://issues.redhat.com/browse/JBEAP-19673
- externalhttps://issues.redhat.com/browse/JBEAP-19674
- externalhttps://issues.redhat.com/browse/JBEAP-19874
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3464.json