RHSA-2023:7639HighCVSS 7.5

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update

Published
December 4, 2023
Last Modified
July 10, 2026

🔗 CVE IDs covered (8)

📋 Description

CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-4503 — eap-galleon: custom provisioning creates unsecured http-invoker CVE-2023-5685 — xnio: StackOverflowException when the chain of notifier states becomes problematically big CVE-2023-26048 — jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() CVE-2023-26049 — jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-35887 — apache-mina-sshd: information exposure in SFTP server implementations CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

🔗 References (36)