RHSA-2024:5143HighCVSS 7.5
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2024-3653 — undertow: LearningPushHandler can lead to remote memory DoS attacks CVE-2024-5971 — undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket CVE-2024-27316 — httpd: CONTINUATION frames DoS CVE-2024-29025 — netty-codec-http: Allocation of Resources Without Limits or Throttling CVE-2024-29857 — org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service CVE-2024-30171 — bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) CVE-2024-30172 — org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class
🔗 References (24)
- selfhttps://access.redhat.com/errata/RHSA-2024:5143
- externalhttps://access.redhat.com/articles/7073034
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2268277
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2272907
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2274437
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2276360
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2292211
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2293025
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2293028
- externalhttps://issues.redhat.com/browse/JBEAP-26292
- externalhttps://issues.redhat.com/browse/JBEAP-26833
- externalhttps://issues.redhat.com/browse/JBEAP-27017
- externalhttps://issues.redhat.com/browse/JBEAP-27056
- externalhttps://issues.redhat.com/browse/JBEAP-27078
- externalhttps://issues.redhat.com/browse/JBEAP-27079
- externalhttps://issues.redhat.com/browse/JBEAP-27101
- externalhttps://issues.redhat.com/browse/JBEAP-27181
- externalhttps://issues.redhat.com/browse/JBEAP-27290
- externalhttps://issues.redhat.com/browse/JBEAP-27352
- externalhttps://issues.redhat.com/browse/JBEAP-27353
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5143.json