RHSA-2023:7247CriticalCVSS 9.8

Red Hat Security Advisory: Red Hat Fuse 7.12.1 release and security update

Published
November 15, 2023
Last Modified
June 26, 2026

🔗 CVE IDs covered (13)

📋 Description

CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2023-3635 — okio: GzipSource class improper exception handling CVE-2023-34034 — spring-security-webflux: path wildcard leads to security bypass CVE-2023-36478 — jetty: hpack header values cause denial of service in http/2 CVE-2023-36479 — jetty: Improper addition of quotation marks to user inputs in CgiServlet CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK CVE-2023-40167 — jetty: Improper validation of HTTP/1 content-length CVE-2023-41900 — jetty: OpenId Revoked authentication allows one request CVE-2023-42794 — tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42795 — tomcat: improper cleaning of recycled objects could lead to information leak CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) CVE-2023-45648 — tomcat: incorrectly parsed http trailer headers can cause request smuggling CVE-2023-46604 — activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack

🔗 References (18)