RHSA-2022:6825HighCVSS 7.5
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
🔗 CVE IDs covered (3)
📋 Description
CVE-2022-1259 — undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) CVE-2022-2053 — undertow: Large AJP request may cause DoS CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections
🔗 References (22)
- selfhttps://access.redhat.com/errata/RHSA-2022:6825
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2072339
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095862
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126789
- externalhttps://issues.redhat.com/browse/JBEAP-23687
- externalhttps://issues.redhat.com/browse/JBEAP-23738
- externalhttps://issues.redhat.com/browse/JBEAP-23741
- externalhttps://issues.redhat.com/browse/JBEAP-23753
- externalhttps://issues.redhat.com/browse/JBEAP-23772
- externalhttps://issues.redhat.com/browse/JBEAP-23794
- externalhttps://issues.redhat.com/browse/JBEAP-23802
- externalhttps://issues.redhat.com/browse/JBEAP-23803
- externalhttps://issues.redhat.com/browse/JBEAP-23805
- externalhttps://issues.redhat.com/browse/JBEAP-23816
- externalhttps://issues.redhat.com/browse/JBEAP-23818
- externalhttps://issues.redhat.com/browse/JBEAP-23869
- externalhttps://issues.redhat.com/browse/JBEAP-23881
- externalhttps://issues.redhat.com/browse/JBEAP-23912
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6825.json