Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
🔗 CVE IDs covered (20)
📋 Description
CVE-2015-9251 — jquery: Cross-site scripting via cross-domain ajax requests CVE-2016-10735 — bootstrap: XSS in the data-target attribute CVE-2017-18214 — nodejs-moment: Regular expression denial of service CVE-2018-14040 — bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute CVE-2018-14041 — bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy CVE-2018-14042 — bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip CVE-2019-8331 — bootstrap: XSS in the tooltip or popover data-template attribute CVE-2019-11358 — jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection CVE-2020-11022 — jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2022-3143 — wildfly-elytron: possible timing attacks via use of unsafe comparator CVE-2022-40149 — jettison: parser crash by stackoverflow CVE-2022-40150 — jettison: memory exhaustion via user-supplied XML or JSON data CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability CVE-2022-45693 — jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos CVE-2022-46363 — CXF: directory listing / code exfiltration CVE-2022-46364 — CXF: SSRF Vulnerability
🔗 References (44)
- selfhttps://access.redhat.com/errata/RHSA-2023:0556
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1399546
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1553413
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1601614
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1601616
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1601617
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1668097
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1686454
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1701972
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1828406
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1850004
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2124682
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135244
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135247
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135770
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135771
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2145194
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2155681
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2155682
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2155970
- externalhttps://issues.redhat.com/browse/JBEAP-23864
- externalhttps://issues.redhat.com/browse/JBEAP-23865
- externalhttps://issues.redhat.com/browse/JBEAP-23866
- externalhttps://issues.redhat.com/browse/JBEAP-24055
- externalhttps://issues.redhat.com/browse/JBEAP-24081
- externalhttps://issues.redhat.com/browse/JBEAP-24095
- externalhttps://issues.redhat.com/browse/JBEAP-24100
- externalhttps://issues.redhat.com/browse/JBEAP-24127
- externalhttps://issues.redhat.com/browse/JBEAP-24128
- externalhttps://issues.redhat.com/browse/JBEAP-24132
- externalhttps://issues.redhat.com/browse/JBEAP-24147
- externalhttps://issues.redhat.com/browse/JBEAP-24167
- externalhttps://issues.redhat.com/browse/JBEAP-24191
- externalhttps://issues.redhat.com/browse/JBEAP-24195
- externalhttps://issues.redhat.com/browse/JBEAP-24207
- externalhttps://issues.redhat.com/browse/JBEAP-24248
- externalhttps://issues.redhat.com/browse/JBEAP-24426
- externalhttps://issues.redhat.com/browse/JBEAP-24427
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0556.json