Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-4503 — eap-galleon: custom provisioning creates unsecured http-invoker CVE-2023-5685 — xnio: StackOverflowException when the chain of notifier states becomes problematically big CVE-2023-26048 — jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() CVE-2023-26049 — jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-35887 — apache-mina-sshd: information exposure in SFTP server implementations CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
🔗 References (36)
- selfhttps://access.redhat.com/errata/RHSA-2023:7638
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2184751
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215229
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2236340
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2236341
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2240036
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242521
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242803
- externalhttps://issues.redhat.com/browse/JBEAP-25004
- externalhttps://issues.redhat.com/browse/JBEAP-25085
- externalhttps://issues.redhat.com/browse/JBEAP-25086
- externalhttps://issues.redhat.com/browse/JBEAP-25378
- externalhttps://issues.redhat.com/browse/JBEAP-25380
- externalhttps://issues.redhat.com/browse/JBEAP-25419
- externalhttps://issues.redhat.com/browse/JBEAP-25451
- externalhttps://issues.redhat.com/browse/JBEAP-25457
- externalhttps://issues.redhat.com/browse/JBEAP-25541
- externalhttps://issues.redhat.com/browse/JBEAP-25547
- externalhttps://issues.redhat.com/browse/JBEAP-25576
- externalhttps://issues.redhat.com/browse/JBEAP-25594
- externalhttps://issues.redhat.com/browse/JBEAP-25627
- externalhttps://issues.redhat.com/browse/JBEAP-25657
- externalhttps://issues.redhat.com/browse/JBEAP-25685
- externalhttps://issues.redhat.com/browse/JBEAP-25700
- externalhttps://issues.redhat.com/browse/JBEAP-25716
- externalhttps://issues.redhat.com/browse/JBEAP-25726
- externalhttps://issues.redhat.com/browse/JBEAP-25772
- externalhttps://issues.redhat.com/browse/JBEAP-25779
- externalhttps://issues.redhat.com/browse/JBEAP-25803
- externalhttps://issues.redhat.com/browse/JBEAP-25838
- externalhttps://issues.redhat.com/browse/JBEAP-26041
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7638.json