RHSA-2023:1512HighCVSS 9.8
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-4492 — undertow: Server identity in https connection is not checked by the undertow client CVE-2022-38752 — snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode CVE-2022-41853 — hsqldb: Untrusted input may lead to RCE attack CVE-2022-41854 — dev-java/snakeyaml: DoS via stack overflow CVE-2022-41881 — codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS CVE-2022-45787 — apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider CVE-2023-0482 — RESTEasy: creation of insecure temp files CVE-2023-1108 — Undertow: Infinite loop in SslConduit during close
🔗 References (35)
- selfhttps://access.redhat.com/errata/RHSA-2023:1512
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2129710
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2136141
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2151988
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2153260
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2153379
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2158916
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2166004
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2174246
- externalhttps://issues.redhat.com/browse/JBEAP-23572
- externalhttps://issues.redhat.com/browse/JBEAP-24120
- externalhttps://issues.redhat.com/browse/JBEAP-24172
- externalhttps://issues.redhat.com/browse/JBEAP-24182
- externalhttps://issues.redhat.com/browse/JBEAP-24220
- externalhttps://issues.redhat.com/browse/JBEAP-24254
- externalhttps://issues.redhat.com/browse/JBEAP-24292
- externalhttps://issues.redhat.com/browse/JBEAP-24339
- externalhttps://issues.redhat.com/browse/JBEAP-24341
- externalhttps://issues.redhat.com/browse/JBEAP-24363
- externalhttps://issues.redhat.com/browse/JBEAP-24372
- externalhttps://issues.redhat.com/browse/JBEAP-24380
- externalhttps://issues.redhat.com/browse/JBEAP-24383
- externalhttps://issues.redhat.com/browse/JBEAP-24384
- externalhttps://issues.redhat.com/browse/JBEAP-24385
- externalhttps://issues.redhat.com/browse/JBEAP-24395
- externalhttps://issues.redhat.com/browse/JBEAP-24507
- externalhttps://issues.redhat.com/browse/JBEAP-24574
- externalhttps://issues.redhat.com/browse/JBEAP-24588
- externalhttps://issues.redhat.com/browse/JBEAP-24605
- externalhttps://issues.redhat.com/browse/JBEAP-24618
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1512.json