Red Hat Security Advisory: Red Hat Fuse 7.12.1 release and security update
🔗 CVE IDs covered (13)
📋 Description
CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2023-3635 — okio: GzipSource class improper exception handling CVE-2023-34034 — spring-security-webflux: path wildcard leads to security bypass CVE-2023-36478 — jetty: hpack header values cause denial of service in http/2 CVE-2023-36479 — jetty: Improper addition of quotation marks to user inputs in CgiServlet CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK CVE-2023-40167 — jetty: Improper validation of HTTP/1 content-length CVE-2023-41900 — jetty: OpenId Revoked authentication allows one request CVE-2023-42794 — tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42795 — tomcat: improper cleaning of recycled objects could lead to information leak CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) CVE-2023-45648 — tomcat: incorrectly parsed http trailer headers can cause request smuggling CVE-2023-46604 — activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
🔗 References (18)
- selfhttps://access.redhat.com/errata/RHSA-2023:7247
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.12.1
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2209689
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2229295
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239630
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239634
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2241271
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242521
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242803
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243123
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243749
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243751
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243752
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2246645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2247052
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7247.json