RHSA-2020:3501HighCVSS 8.1

Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update

Published
August 18, 2020
Last Modified
June 26, 2026

🔗 CVE IDs covered (15)

📋 Description

CVE-2020-1710 — EAP: field-name is not parsed in accordance to RFC7230 CVE-2020-1728 — keycloak: security headers missing on REST endpoints CVE-2020-1748 — Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain CVE-2020-10672 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10683 — dom4j: XML External Entity vulnerability in default SAX parser CVE-2020-10687 — Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests CVE-2020-10693 — hibernate-validator: Improper input validation in the interpolation of constraint error messages CVE-2020-10714 — wildfly-elytron: session fixation when using FORM authentication CVE-2020-10718 — wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API CVE-2020-10740 — wildfly: unsafe deserialization in Wildfly Enterprise Java Beans CVE-2020-10758 — keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes CVE-2020-14297 — wildfly: Some EJB transaction objects may get accumulated causing Denial of Service CVE-2020-14307 — wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

🔗 References (19)