Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7
🔗 CVE IDs covered (15)
📋 Description
CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2021-42392 — h2: Remote Code Execution in Console CVE-2021-43797 — netty: control chars in header names may lead to HTTP request smuggling CVE-2022-0084 — xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr CVE-2022-0853 — jboss-client: memory leakage in remote client transaction CVE-2022-0866 — wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled CVE-2022-1319 — undertow: Double AJP response for 400 from EAP 7 results in CPING failures CVE-2022-21299 — OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) CVE-2022-21363 — mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors CVE-2022-23221 — h2: Loading of custom classes from remote servers through JNDI CVE-2022-23437 — xerces-j2: infinite loop when handling specially crafted XML document payloads CVE-2022-23913 — artemis-commons: Apache ActiveMQ Artemis DoS CVE-2022-24785 — Moment.js: Path traversal in moment.locale
🔗 References (38)
- selfhttps://access.redhat.com/errata/RHSA-2022:4918
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2063601
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2031958
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2039403
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2041472
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044596
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2047200
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2047343
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2060725
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064226
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064698
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2072009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2073890
- externalhttps://issues.redhat.com/browse/JBEAP-23120
- externalhttps://issues.redhat.com/browse/JBEAP-23171
- externalhttps://issues.redhat.com/browse/JBEAP-23194
- externalhttps://issues.redhat.com/browse/JBEAP-23241
- externalhttps://issues.redhat.com/browse/JBEAP-23299
- externalhttps://issues.redhat.com/browse/JBEAP-23300
- externalhttps://issues.redhat.com/browse/JBEAP-23312
- externalhttps://issues.redhat.com/browse/JBEAP-23313
- externalhttps://issues.redhat.com/browse/JBEAP-23336
- externalhttps://issues.redhat.com/browse/JBEAP-23338
- externalhttps://issues.redhat.com/browse/JBEAP-23339
- externalhttps://issues.redhat.com/browse/JBEAP-23351
- externalhttps://issues.redhat.com/browse/JBEAP-23353
- externalhttps://issues.redhat.com/browse/JBEAP-23429
- externalhttps://issues.redhat.com/browse/JBEAP-23432
- externalhttps://issues.redhat.com/browse/JBEAP-23451
- externalhttps://issues.redhat.com/browse/JBEAP-23531
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2060929
- externalhttps://issues.redhat.com/browse/JBEAP-23532
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json